Blog | Tenendo

Secure secrets management in Docker containers. Part 1

Secure secrets management in Docker containers from the offensive point of view. With examples and demo scripts.

Insecure deserialization

Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised ob…

Input processing vulnerabilities

Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing w…

Spring4Shell as a class injection example

Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring Core and the other i…

JNDI injection

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and objects via a name.

JNDI injection. Log4Shell case study

On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited in the wild.

JNDI injection. JDBC

Preventing JNDI injection vulnerabilities by using a source code review is always a good idea.

Avoiding injection vulnerabilities

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets…

Avoiding XSS injection vulnerabilities

In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technolog…

Avoiding OS command injection

Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly.

Application Penetration Testing

Infrastructure Assessment

Cloud Infrastructure

Performance and scalability assessment

Cybersecurity assessment

Red Teaming

Compliance Readiness Services

Purple Teaming

Training

Due Diligence

Insides

Case Studies

Contact Us

About Tenendo

Contact us: