Tag Archive for Security Testing
Partnership
Tenendo has excellent experience partnering with PCI QSA, software development and cybersecurity companies. We have qualified technical resources and are working on expanding our partner network.
Security Assessment of the Architecture
We will assess your architecture concept from the Information Security point of view and develop a baseline for your Secure SDLC and architecture hardening.
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws.
Internal adversary simulation
The adversary simulation activity allowed the security team to demonstrate a complete compromise path while not using any usual, “exploitable” vulnerabilities.
Internal Adversary Simulation Case
The adversary simulation activity helped the client identify and remediate multiple issues with the on-premise infrastructure and vulnerabilities, calculate potential risks, and improve the overall security posture. Each finding also included proposed solutions for applying industry-standard defences.
Azure Active Directory compromise
The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate potential risks.
Developer/DevOps adversary simulation
With valid developer credentials for the infrastructure, we obtain access to existing CI/CD, logging, monitoring, and remote access solutions to build a complete threat model, find access control misconfigurations, and help companies ensure no single person can cause a compromise.
Infrastructure penetration testing
Infrastructure penetration testing focuses on the security of both the application environment and the supporting infrastructure, including third-party services and applications. The testing is performed with a combination of manual and automated techniques, tailored for the specific environment.
Application penetration testing
For all penetration tests, our team collects relevant information about the scope, develops an attack surface, and begins an extensive manual and automated search for vulnerabilities and applicable attacks.
