PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used them in PCI DSS segmentation testing.
Partners could outsource to Tenendo tasks that require specific technical knowledge and are not directly related to PCI DSS audits, namely:
Penetration Testing. Our experienced engineers conduct application (Web/Mobile/API) penetration tests, infrastructure, segmentation, and network penetration tests of varying complexity.
Adversary Simulation (Red Team) engagements and social engineering. In addition to our experts’ vast portfolio of certifications (like OSCP, CRTE, or OSEP) and industry-accepted training, they have already proven themselves in a number of successful cases. In most real-world engagements, our experts succeeded in defence evasion and in obtaining access to the customer’s infrastructure.
Security Code Review. Per our methodology, two specialists work on each project to complete the code review successfully: a penetration testing specialist and a software developer. The teamwork in manual code audit and the use of the best static code analysers give excellent results.
Secure Coding and ITOps training. We have conducted private training for a wide range of customers, from software development teams to infrastructure support, networking, and DevOps. Our training programs may include analysis of the most interesting trends in tactics, techniques and procedures utilized by threat actors, guides on secure development for specific technology stacks, hardening and monitoring advice, or implementation of secure SDLC in software development processes.
Technical audit. The goal of the technical audit is to analyse the current environment architecture, obtain data on system performance through load testing, and develop proposals for improving the system architecture, namely: performance, security, integrity, and fault tolerance.
Are you interested in a potential partnership? In the past, we delivered numerous projects to customers working on their PCI DSS compliance, mostly medium and large financial institutions. We would love to see if we can work something out.
Do you have time in the next few days for a quick call to discuss this further?
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, which allowed us to access the payment API on behalf of other customers of our Client.
The adversary simulation activity helped the client identify and remediate multiple issues with the on-premise infrastructure and vulnerabilities, calculate potential risks, and improve the overall security posture. Each finding also included proposed solutions for applying industry-standard defences.