Safety Detectives: Please share your company background, how you got started, and your mission.
WhiteHats: The idea for WhiteHats was conceived by Thijs Schoonbrood (currently CEO) in 2011 when he was leading a software development project for a healthcare company. Security was considered paramount and the team required (and acquired) expert knowledge and expertise to optimally protect the application from attackers. We felt more applications deserve this kind of attention and care and founded WhiteHats.
It is now WhiteHats’ ambition to support development teams with thorough application security assessments and help them develop secure software with practical tips and advice.
SD: What is the main service your company offers?
WH: WhiteHats specializes in security assessments for custom applications and education of development teams. This is an ongoing process, so we prefer combining manual tests and code reviews with automated scans and periodic workshops.
Of course, we can also help companies to protect their regular IT infrastructure by conducting common vulnerability scans and penetration tests (pen tests).
SD: What is something unique that helps you stay ahead of your competition?
WH: Our heart is in application development and we are well versed in the vast majority of coding languages and frameworks. This helps us to spot vulnerabilities and weaknesses in code efficiently and we, therefore, have a strong focus on code review. By investing firmly in our own tooling, we optimize our work and quality level while also keeping up with modern development techniques.
SD: What do you think are the worst cyber threats today?
WH: The pervasive reliance on IT systems makes our society vulnerable. Our day-to-day lives are at risk if crucial infrastructure (think: energy, payments, supply chains, …) is compromised by hackers. The risk that currently manifests most is criminals using ransomware to blackmail companies, while unfriendly states are potentially able to cause mass disruption. For web applications, frequently seen vulnerabilities are captured by the OWASP Top 10. Together with phishing, a compromised web application is a common first step in a successful attack.