Contact us: info@tenendo.com
Insides
-
WordPress to Static Site on AWS: Architecture, Tooling, and the Edge Cases
This write-up covers the full production architecture: how Staatic handles the export and CloudFront deployment, why sitemaps need a separate solution and how we built one, and what the request path looks like when WordPress is entirely out of it.
-
PCI DSS Segmentation Testing Prerequisites
PCI DSS segmentation testing in cloud environments requires careful preparation to allow effective testing while limiting impact on operations.
-
Getting Started DORA Compliance today
A revolutionary partnership between AmonSul, Tenendo, and Trausta streamlines DORA compliance into a seamless 12-week process: gap assessment, threat intelligence, red teaming, and compliance reporting. Organizations save up to 40% while maintaining regulatory independence, transforming complex compliance into cost-effective success.
-
Comprehensive DORA Compliance
An Integrated Cybersecurity Solution for European Financial Organizations
For more information about integrated DORA compliance solution, contact us
Case Studies
-
Cloud Infrastructure Audit and Performance testing case
The main goal of the Technical Audit from a customer request was to understand if the system is scalable or not and provide guidance for improvements.
-
Case Study: Strengthening Compliance with NIST CSF 2.0
Poor network segmentation enabled an attacker to pivot from internal access to full cloud takeover.
-
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.
-
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.