Restaurants and Delivery

Pentest for Restaurants and Delivery Platforms

Security for POS, KDS, iFood/Rappi integration, own app and multi-unit operations.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Restaurants handle cards, courier data, customer addresses and inventory, all in cheap systems integrated with iFood, Rappi, Anota Aí. Hacked menus, abused coupons, courier fraud, database leaks during service. Everything becomes the operator's problem, not the app's.

Applicable regulation

LGPD · PCI-DSS (direct billing) · ABRASEL · ANVISA RDC 216/2004

/attack-surface

Vectors we test in restaurants and delivery

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Front-of-house and KDS

Price manipulation, cancellation fraud, kitchen ticket integrity.

02

iFood/Rappi/UberEats integration

Menu sync, order manipulation, commission fraud.

03

Own app and digital menu

Hacked QR Code, IDOR on order, coupon abuse and new-user farming.

04

Recurring billing (subscription club)

Tokenization, cancellation, renewal fraud and card management.

05

Multi-unit and franchise operations

Per-store segregation, manager access, royalty and marketing fees.

06

Courier data

Geolocation, delivery-proof fraud, PII and phone exposure.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Sector with fast tech adoption and almost no independent validation; focus on mid-size networks and franchises.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Restaurants and Delivery

Do you cover coupon and cashback fraud?

Yes. We audit coupon logic, new-user abuse, cashback rackets and systematic farming.

Can you test without disrupting service?

Yes. Intrusive tests run in staging. Final validations happen in nighttime or dawn windows.

/contact

Ready for a serious pentest in restaurants and delivery?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.