Blog | Tenendo

JNDI injection. JDBC

Preventing JNDI injection vulnerabilities by using a source code review is always a good idea.

Avoiding injection vulnerabilities

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets…

Avoiding XSS injection vulnerabilities

In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technolog…

Avoiding OS command injection

Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly.

Avoiding Templates injection

The best way to prevent server-side template injection is to not allow any users to modify or submit new templates.

Avoiding other injections

Secure coding practices prescribe that spring expressions using dynamic values should be avoided.

Cloud Infrastructure Audit and Performance testing case

The main goal of the Technical Audit from a customer request was to understand if the system is scalable or not and provide guidance for improvements.

PCI DSS segmentation testing case

The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.

Case Study: Strengthening Compliance with NIST CSF 2.0

Poor network segmentation enabled an attacker to pivot from internal access to full cloud takeover.

Application Threat Modelling and Phishing Attack Chain Case

A threat model helped prioritize vulnerabilities, leading to the identification of a phishing attack chain that bypassed MFA and allowed unauthorized …

Application Penetration Testing

Infrastructure Assessment

Cloud Infrastructure

Performance and scalability assessment

Cybersecurity assessment

Threat Intelligence

Red Teaming

Compliance Readiness Services

Purple Teaming

Training

Due Diligence

Insides

Case Studies

Contact Us

About Tenendo

Contact us: