Frequently Asked Questions

Why is application security important?

Application security is important in the first place because it ensures that information about you and your customers is protected. Once the integrity and protection of information is not guaranteed, you and your customers may suffer damage. This can be direct financial damage, but also a dent in your company's reputation. In addition, you are legally obliged to adequately secure your applications. This is laid down in the General data protection regulation (GDPR). Is your application hacked and is there a data breach? Then that also serves to be reported .

Why is the security of the internal network important?

Many IT departments do not or do not fully protect internal systems because they are thought to be inaccessible to unwanted persons. Also, there is often no or incomplete policy for replacing or updating and updating employee systems. By properly securing the internal corporate network, many attacks can be minimized.

Hoe gaat een Hacker te werk? Kan ik dat eens zien?

Altijd al eens willen weten hoe een echte hacker te werk gaat? Wij laten het graag zien in een korte demonstratievideo.

Does WhiteHats also provide certifications and third party statements?

Our security studies can minimize the risk of exploitation of your applications. How much is invested in this is a consideration that only our clients can make. In addition, applications are usually continuously developed, while a security investigation is often a snapshot. That is why we do not issue 'Certified by' statements.

Through one third party statement (Third Party Memorandum, TPM) we can provide limited insight into the design and results of an investigation. To this end, we provide third-party statements with different levels of detail. These documents are only provided to our clients. Third parties can verify the authenticity of a statement with WhiteHats.

When does an application meet the legal requirements?

Although the law itself does not contain concrete instructions, the government does provide clear guidelines for the security of web applications. The Personal Data Authority, monitor compliance with the General data protection regulation (GDPR) and states:

"The data processing must be appropriately secured."

However, when are security measures "appropriate"? The predecessor of the Dutch Data Protection Authority, the Dutch DPA guidelines published. These guidelines form the connecting link between the legal domain on the one hand and the domain of information security on the other

Dit betekent dat de richtsnoeren in samenhang moeten worden gebruikt met algemeen geaccep­teerde beveiligingsstandaarden binnen de praktijk van de informatiebeveiliging, zoals de ICT-­beveiligingsrichtlijnen voor webapplicaties van het National Cyber Security Center. These refer to their neighborhood again OWASP which WhiteHats also focuses on.

Those ICT security guidelines are also neatly documented. An overview of the most important guidelines can be found on pages 17 and 18 of part 1. A security test such as WhiteHats performs focuses in particular on points 7, 8 and 9 (the technical aspects of a secure web application) and is therefore an important part of "appropriate security measures".

Are you looking for an answer to a question that is not listed here?

Do not hesitate to contact us.