Blog

Avoiding Templates injection

The best way to prevent server-side template injection is to not allow any users to modify or submit new templates. Read more

Getting Started with Cybersecurity for Your Company: A Short Guide

Start Cybersecurity: Assess risks, define assets, train staff, and implement defenses. Prioritize protection, monitor threats, and adapt strategies for resilience. Read more

Avoiding other injections

Secure coding practices prescribe that spring expressions using dynamic values should be avoided. Read more

Myths and Realities of Code Security Review

Ensuring effective code security is about being practical. By dispelling myths and facing realities, these insights can guide us toward… Read more

Insecure deserialization

Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised objects… Read more

The Evolution of Security Testing: Navigating the DORA Framework for the Financial Sector

The DORA Framework introduces stringent guidelines for the financial sector's cybersecurity. This evolution mandates advanced security testing methodologies beyond traditional… Read more

Input processing vulnerabilities

Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe… Read more

Custom Approaches for Different Maturity Levels in Cybersecurity

Tenendo proposes alternatives and customized red teaming engagements to fit specific customer needs and budgets, ensuring security maturity alignment. Read more

Spring4Shell as a class injection example

Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring… Read more

DORA and PCI DSS

Article will help to introduce DORA requirements to those who have years of cybersecurity experience but are very new to… Read more

JNDI injection

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and… Read more

JNDI injection. Log4Shell case study

On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited… Read more