White Oak Security can help your engineers and developers deliver more secure software and integrate security testing into their existing development process.

Applications constitute a huge opportunity for malicious hackers who are looking for a way into your organization.  The explosion of mobile, web-enabled, and cloud-hosted applications over the last 20 years means that this is often the most vulnerable area for our clients.

Our application security testing practice focuses on the unique requirements of software security.  Web-based, Mobile, and Thick-Client applications are each addressed in the manner most effective for the technology involved - each undergoes the scrutiny of our experienced team as well as testing using technology-specific techniques and tools.

White Oak's standard testing process exceeds all relevant compliance requirements, including PCI.  We are also able to provide ongoing testing programs to address requirements like PCI DSS Requirement 11.3.

Web Application Penetration Testing

A Web Application Penetration Test will consist of vulnerability scanning of targeted applications, as well as manual and automated vulnerability identification and analysis of application layer vulnerabilities as both authenticated and anonymous users.

Our Web Application Penetration Testing process follows the industry-accepted OWASP Testing Guide v4.  This process allows for a holistic approach to analyzing the dynamic processes of a web application and consists of specific steps that address all aspects of web-based application security testing, including business logic testing.

Mobile Application Penetration Testing

White Oak Security provides a Mobile Application Penetration Test that identifies the technical and business logic vulnerabilities within mobile applications and technology platforms.  The mobile application, any files it creates, and any web services consumed will be assessed utilizing a series of tools and techniques that are effective in identifying security issues and technical vulnerabilities.

Our Mobile Application Penetration Testing process has been built utilizing many years of experience as well as industry-recognized processes such as those outlined in the OWASP Mobile Security Testing Guide.  Included in our mobile application testing are device-resident files and the web services utilized by the application (this is critical and often overlooked). 

Thick-Client Penetration Testing

Thick-Client Penetration Testing requires experience and expertise that goes beyond most organizations' capabilities.  Testing thick-client applications means crafting custom test plans, building testing tool sets, and using techniques that are specifically required for the application and technology in question.

White Oak has the requisite experience to successfully test these difficult (and yet very common) applications.

API Penetration Testing

API testing is another important area of application testing that's often overlooked, but White Oak consultants have the skills and experience to assist.  Testing APIs to determine if there are critical, impactful vulnerabilities is particularly important as they are the conduit for other organizations to access your data.

Application Security Code Review

An Application Security Code Review is a valuable step in ensuring that applications developed by your internal team (or a third-party partner) are both secure and following secure coding standards.  An Application Security Code Review can find vulnerabilities at the code level before those applications are deployed.

Our Application Security Code Review follows a standardized process that allows White Oak to ensure that we are consistent and thorough in our testing.  This process allows for a holistic approach to analyzing the static code of an application and results in specific guidance on how to address identified security issues in the source code of the application being tested.

Developer Security Testing Training

By teaching our clients' development teams how to incorporate active security testing into the development process (incorporating tools and testing techniques), we can push vulnerability identification further up the Software Development Lifecycle (SDLC) and drive down the cost of remediation, all while allowing your development teams to deliver more secure applications.