Adversarial Simulation

White Oak’s Security Testing provides an in-depth test of your mission-critical systems with highly detailed results – allowing you better understanding of your risk and your compliance issues.


Screen Shot 2017-09-13 at 10.05.27 AM.jpg

Red Team / Adversarial Simulation

White Oak’s Red Team service simulates real-world attack scenarios to provide you a better understanding of where your defenses are vulnerable.  We will work with your team to develop scenarios that will effectively test your detective controls, your training, and your personnel as if they were responding to an actual incident.  This is a critical exercise that mature security organizations utilize to better understand their actual preparedness for an incident and to help guide their investments in technology, training, and people.  If these services are built effectively they can provide a huge amount of practical insight.


Screen Shot 2017-09-13 at 10.06.18 AM.jpg

Penetration Testing

Your organization’s network security is paramount to protecting your customer and employee data along with your intellectual property. Although your network team has likely been focused on security for years, malicious actors have not stopped innovating and adapting and it remains critical that both your internal and external network environments undergo penetration testing for both security and compliance assurance.

White Oak Security utilizes cutting edge tools and manual techniques paired with years of industry experience to uncover weaknesses in your organization’s network security. Our approach addresses both security and compliance issues and we will work with you and your team to prioritize issues and identify the most effective and efficient manner of remediation.

  • Internal Network
  • External Network

Screen Shot 2017-09-13 at 10.07.07 AM.jpg

PCI TEsting 

PCI is a headache but a necessary one if you accept, process, or store credit card information.  The regulations and requirements that apply to services like penetration testing  (11.3) are sometimes confusing and this isn’t helped by the industry, which often uses the term ‘penetration testing’ without really meaning penetration testing.

Our PCI penetration testing services meet the requirements documented in the PCI Data Security Standards (DSS) and we can work with your security and compliance teams to ensure that you are testing the right systems in the right way (and keeping your QSA or bank happy).

  • Penetration Testing
  • PCI Gap Analysis
  • PCI Readiness Assessment

Screen Shot 2017-09-13 at 10.31.12 AM.jpg


Regardless of the technological or physical security measures you implement, the strength of your environment and organization comes down to the training, awareness, diligence, and honesty of your organization’s trusted employees, contractors, and vendors.

White Oak Security will work with your organization to identify areas of concern.  We perform target identification and information gathering, followed with persuasion and deception techniques in an attempt to gain access to sensitive information or systems. These efforts identify gaps in training or areas in which existing training needs to be altered or re-emphasized.  We will work with you to build a training approach (and deliver that training if desired) that will provide your employees the information, habits, and process that they need to combat these social engineering techniques.

  • Phishing
  • Vishing
  • On-Site


Application Security

White Oak Security can help your engineers and developers integrate security testing in to their existing development process.


Screen Shot 2017-09-13 at 10.12.11 AM.jpg

Application Testing

Applications constitute a huge opportunity for malicious hackers who are looking for a way into your organization.  The explosion of mobile, web-enabled, and cloud-hosted applications over the last 20 years means that this is often the most vulnerable area for our clients and we have an extremely strong approach to application testing.  Our application penetration testing practice is built to provide the highest level of insight while not wasting our clients’ time and budget.

  • Modern & Legacy Web Applications
  • APIs & Web Services
  • Mobile Applications

Screen Shot 2017-09-13 at 10.15.28 AM.jpg

Developer Security Testing TRAINING 

By teaching developers and engineers security testing techniques, we can push identification left in the Software Development Lifecycle (SLDC), decreasing cost of remediation.


Strategic Security Services

White Oak Security goes well beyond penetration testing with our ability to provide Strategic Security Consulting.  We bring years of experience, across a variety of organizations (both large and small) within various industries, to the table for our clients and help to mature your security program.


Screen Shot 2017-09-13 at 10.16.34 AM.jpg

Strategic Consulting

Our consultants have a long and successful history in building enterprise security programs and penetration testing teams, as well as working with application developers on improving security.  This allows our team to work with you to help evaluate current state, build a plan for future state, and move the needle on your information security program.  We can assist with large, sweeping program development efforts or target specific areas in need of improvement and focus on these weak points to deliver practical improvements.

Screen Shot 2017-09-13 at 10.26.55 AM.jpg

Application Security Program Management

White Oak Security’s Application Security Program Management will partner with your existing teams to create or mature your AppSec program strategy. White Oak can set organizational strategy and goals.  We can help create policies, processes and guidelines to help you build security into your products.