Blog
Avoiding OS command injection
Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly. Read more
How to Choose the Right Penetration Testing for Your Business?
Select the ideal penetration testing for your business by evaluating objectives, system complexity, regulatory needs, and potential threats. Prioritize tailored… Read moreAvoiding Templates injection
The best way to prevent server-side template injection is to not allow any users to modify or submit new templates. Read more
Getting Started with Cybersecurity for Your Company: A Short Guide
Start Cybersecurity: Assess risks, define assets, train staff, and implement defenses. Prioritize protection, monitor threats, and adapt strategies for resilience. Read moreAvoiding other injections
Secure coding practices prescribe that spring expressions using dynamic values should be avoided. Read more
Myths and Realities of Code Security Review
Ensuring effective code security is about being practical. By dispelling myths and facing realities, these insights can guide us toward… Read moreInsecure deserialization
Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised objects… Read more
The Evolution of Security Testing: Navigating the DORA Framework for the Financial Sector
The DORA Framework introduces stringent guidelines for the financial sector's cybersecurity. This evolution mandates advanced security testing methodologies beyond traditional… Read moreInput processing vulnerabilities
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe… Read more
Custom Approaches for Different Maturity Levels in Cybersecurity
Tenendo proposes alternatives and customized red teaming engagements to fit specific customer needs and budgets, ensuring security maturity alignment. Read moreSpring4Shell as a class injection example
Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring… Read more
