Contact us: info@tenendo.com
Input processing vulnerabilities
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing w…
Spring4Shell as a class injection example
Two serious vulnerabilities leading to remote code execution (RCE) have been found in the popular Spring framework, one in Spring Core and the other i…
Avoiding injection vulnerabilities
Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets…
Avoiding XSS injection vulnerabilities
In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technolog…
Avoiding OS command injection
Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly.
Avoiding Templates injection
The best way to prevent server-side template injection is to not allow any users to modify or submit new templates.
Avoiding other injections
Secure coding practices prescribe that spring expressions using dynamic values should be avoided.
Cloud Infrastructure Audit and Performance testing case
The main goal of the Technical Audit from a customer request was to understand if the system is scalable or not and provide guidance for improvements.
PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.
EDR product’s effectiveness evaluation case
Evaluating EDR Product against Threat Actors: Uncovering Limitations and Collaboration for Enhanced Detection of Multiple Killchains.