Skip to main content

Defend your organization against malicious threats.

Every organization is vulnerable to attackers, but you can lessen the opportunity or severity of an attack by uncovering security deficiencies and blocking the pathways to unauthorized access. 


Through a mix of industry-leading and innovative testing methodologies, our team of highly skilled and specialized consultants perform the difficult offensive security tests that go beyond in-house testing. Upon completion, you’ll have far deeper insight into the technical and business-logic issues that require active remediation.

Application Security

Penetration testing of your mobile apps, web apps and thick clients. We also provide API security testing and application security code review.

Adversarial Simulation

Uncover organizational weaknesses through Red Team, Purple Team, Social Engineering, Threat Emulation and Threat Hunting.


Infrastructure Security

Identify critical network vulnerabilities through External/Internal Penetration Testing, PCI Penetration Testing, Wireless Penetration Testing, Cloud Security Assessment and Remote Access Penetration Testing.


Device & IoT Security

Identify medical and embedded devices in an IoT-enabled environment and test critical hardware technologies to locate vulnerabilities and security-related issues.


Strategic Services

Utilize the years of experience and deep industry knowledge of our team of security consultants for AppSec Program Management and Developer Security Training.

Who We Are

Any security firm can claim they can pentest your organization. At White Oak Security, our goal is to help you truly understand your security risks and deliver guidance to remediate these vulnerabilities. Only through rigorous, experience-driven testing of your applications and networks can you truly understand how to strengthen your organization against an attack.

Recent Blog Posts

  • Alternative Execution: A Macro Saga (part 7)
    Thanks for returning to Alternative Execution: A Macro Saga! This will be the last post in this series (here are the links to part 1, part 2, part 3, part […]
  • Zip Slip to Reverse Shell in OpenRefine
    Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]
  • How To Prepare for an API Pentest – Curl
    This is one part of a series of posts on how to prepare your API for a pentest.  The first post was focused on Insomnia. The second was focused on […]