Partners could outsource Tenendo tasks that require specific technical knowledge and are not directly related to PCI DSS audits, namely:
Penetration Testing. Our experienced engineers conduct application (Web/Mobile/API) penetration tests, infrastructure, segmentation, and network penetration tests of varying complexity.
Adversary Simulation (Red Team) engagements and social engineering. In addition to our experts’ vast portfolio of certifications (like OSCP, CRTE, or OSEP) and industry-accepted training, they have already proven themselves in a number of successful cases. In most real-world engagements, our experts were proven successful in defence evasion and obtaining access to the customer’s infrastructure.
Security Code Review. Per our methodology, two specialists work on each project to complete the code review successfully: a penetration testing specialist and a software developer. The teamwork in manual code audit and the use of the best static code analysers gives excellent results.
Secure Coding and ITOps training. We have conducted private training for a wide range of customers, from software development teams to infrastructure support, networking, and DevOps. Our training programs may include analysis of the most interesting trends in tactics, techniques and procedures utilized by threat actors, guides on secure development for specific technology stacks, hardening and monitoring advice, or implementation of secure SDLC in software development processes.
Technical audit. The goal of the technical audit is to analyse the current environment architecture, obtain data on system performance using load testing of systems, and develop proposals for improving the system architecture, namely: performance, security, integrity, and fault tolerance