CREST Penetration Testing AccreditedRigorous, reliable standard relied upon by customers around the world for penetration testing services
Who is CREST?
CREST is a globally recognized non-profit accreditation and certification body which represents and supports the technical information security market. By providing a rigorous, reliable standard for companies that are seeking penetration testing services, CREST penetration testing is widely viewed as the industry’s “gold standard.”
The acronym is short for “Council of Registered Ethical Security Testers.” CREST arose to fill a need for a trusted certification in the penetration testing industry. Pen testers are trusted with access to highly sensitive information and to accurately assess a company’s defenses, yet the industry has had little in the way of regulation and has no shortage of pen testing services that do not deliver a quality product. CREST penetration testing seeks to create a brand that represents the highest standards the testing industry has to offer.
In addition to the security testing industry, CREST also offers accreditation for vulnerability assessment services, intelligence-led penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services.
Established in 2006, CREST was initially focused on working with the UK government, agencies and regulatory bodies to support cyber security frameworks and standards. CREST now engages with organizations around the world.
What is a CREST accredited company?
CREST accredited companies are penetration testing firms that employ CREST certified penetration testers, and have met an additional series of requirements and reviews to ensure that they are providing the highest possible level of professional service and care for customers. This provides customers with a benchmark to evaluate the capabilities of the many vendors in the technical information security industry.
CREST penetration testing companies are required to submit thorough documentation of the services they offer, their testing processes and procedures and data security controls for evaluation, as well as their customer service policies and practices (such as conflict of interest and complaint handling policies). A CREST penetration testing company must also demonstrate that they have sufficient professional indemnity insurance and sign a standard non-disclosure agreement (NDA) tailored to protecting penetration testing clients.
CREST penetration testing organizations are subject to periodic recertification, and are expected to abide by the CREST Codes of Conduct, Ethics and Complaints and Resolution Measures at all times.
What can you expect from CREST penetration testing professionals?
Different levels of CREST certifications offer assurance of the knowledge, skill and competency of the cyber security professionals delivering the vulnerability assessment and penetration testing.
A CREST Practitioner professional has, at minimum, 2.500 hours of experience and has passed a standard examination. A CREST Registered professional has been certified to have at least 6,000 hours of experience and has passed a series of exams. The final level, CREST Certified professional, is an assurance that an individual has at least 10,000 hours of experience and has demonstrated that they are capable of managing and running penetration testing teams and projects.
What are the benefits of CREST penetration testing?
In addition to using a CREST member companies that have made it through a rigorous application and review process, you can be sure that the professionals working on your projects are skilled, knowledgeable and competent in penetration testing..
A CREST member company also has the inside track in keeping up with the evolving cyber threat landscape and the ever-shifting needs of the cybersecurity industry, something that is crucial given the pace with which online threats now develop and change. Regular re-evaluation forces these companies to keep up with the latest standards and best practices.
CREST accreditation provides a “gold standard” certification in an industry that is largely unregulated and full of uncertainty. The package of highly trained testers, customer assurances, adherence to international regulatory standards and global name recognition is one that is not matched by any other accreditation service in the field.
Yes, we are CREST accredited
Our core team is based in Singapore and consists of CREST certified penetration testers who are also Offensive Security Certified Professional (OSCP) certified. The team has delivered numerous penetration testing projects for customers in Singapore and other locations, from large multinational enterprises to small and medium business, and across various industries.