intrus.io
EdTech

Pentest for EdTechs

Offensive security in digital education platforms, K-12, corporate training and online exams.

Request EdTech pentestSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

B2B2C EdTech grows by selling to schools and companies — and each customer demands pentest. B2C EdTech handles minors' data and tuition fraud. Both share: online exams under attack, compromised student accounts, teachers faking attendance.

Applicable regulation

LGPDGDPRFERPA (EUA)COPPA (menores)

/attack-surface

Vectors we test in edtech

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Learning platform

Multitenancy across schools/companies, cross-tenant IDOR.

02

Online exams and proctoring

Anti-fraud, screen capture, biometric/face-match identification.

03

Mobile app

iOS/Android, certificate pinning, secrets in release.

04

Content and DRM

Video protection, digital books, prevention of unauthorized download.

05

Student and tutor accounts

ATO, password recovery, subscription fraud.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements with B2B2C and B2C EdTechs.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — EdTech

Do you do proctoring pentest?

Yes. We assess anti-fraud robustness, biometrics, evidence capture and traditional bypass techniques.

How do you handle minors' data?

Per LGPD article 14 and COPPA when applicable (clients with US operations).

/contact

Ready for a serious pentest in edtech?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers