Tenendo Experts

We enhance the paradigm of consultancy and offer on-demand,
granular and transparent, highly scalable and cost-effective consultancy services.

talk to an expert

Experience and accreditations

With more than 20 years of total experience in cybersecurity and testing, our experts hold the following certifications:

Compliance and information security:

  • Certified Information Systems Auditor (CISA)
  • Cisco Certified Network Associate (CCNA)
  • ISO 27001 Lead Implementor
  • AWS Cloud Practitioner

Test consultancy:

  • ISTQB Advanced Level Test Manager (CTAL-TM)
  • ISTQB Advanced Level Technical Test Analyst (CTAL-TTA)
  • ISTQB Foundation Level

Penetration testing:

  • Offensive Security Experienced Penetration Tester (OSEP)
  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Expert (CRTE)
  • Certified Ethical Hacker (CEH)

Testing Management

Testing Management

In a management assessment the emphasis is mainly on leadership qualities. In this assessment the focus was on issues like independence, delegating and communication.

Read More

The New Way of Working

The New Way of Working

The new development and testing strategy implementation in the financial project

Read More

Improve and optimize the testing process

Improve and optimize the testing process

Building Test Architecture and Test Strategy in CRM project

Read More

Automated testing

Automated testing

The joint work of architects, developers, tester and managers made it possible to redesign the project in a short time (about 2 months), speed up the testing process several times and simplify the preparation of…

Read More

Social engineering

Social engineering

During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.

Read More

Payment processing API penetration testing

Payment processing API penetration testing

Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API…

Read More

Client-Bank application compromise

Client-Bank application compromise

This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.

Read More

Internal adversary simulation

Internal adversary simulation

The adversary simulation activity allowed the security team to demonstrate a complete compromise path while not using any usual, “exploitable” vulnerabilities.

Read More