Buying & Building Cyber Services icon
Back
Accreditation Pathway & Membership icon
Back
Skills, Certifications & Careers icon
Back
News, Events & Research icon
Back
About Us icon
Back
Login to profile
Join Today Find a Supplier

Security testing

Identify and close security gaps

Banner Image

On this page:

Get your organisation accredited Industry-leading certifications Resources Useful links Testimonials

What is security testing?

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and/or insiders to identify attack vectors, vulnerabilities and control weaknesses. It involves the use of a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities and uses the expertise of the tester to identify specific weaknesses in an organisation’s security arrangements. Penetration testing is often confused with vulnerability assessment.

 

If your organisation is considering achieving our security testing accreditation and becoming a member, you can download our accreditation standard for this discipline on our Accreditation Standards page.

Get your organisation accredited

Vulnerability assessment

Vulnerability assessment is the examination of an information system or product to determine the adequacy of security measures and to confirm the adequacy of such measures after implementation.

Penetration testing

Penetration testing involves a combination of automated and manual techniques to identify and exploit known and unknown threats.

App security testing

App security testing is used to evaluate web application security controls, and it provides developers with a list of requirements for secure development.

Mobile app security testing

Mobile app security testing covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Getting accredited with us could help your organisation access a number of exciting partner programmes

CIS Controls Accreditation

MAS Singapore pen testing guidelines - more info coming soon

CSA Singapore pen testing guidelines - more info coming soon

UK CAA Assure

Dubai Cyber Force Program

Industry-leading certifications

Take the next step in your cyber career!

Whether you’re at the start of your career, or ready to take the leap into a more experienced role, we run examinations across a number of cyber security disciplines, providing career pathways and progression options for professionals at every stage of their working lives.

Our certifications are recognised worldwide and having CREST qualified individuals demonstrates a high standard of knowledge, skills and competence. In a growing cyber market, this could help you stand out against the crowd.

Can’t find the certification you’re looking for?

Visit our dedicated page to find our full list of available certifications: CREST Certifications

CREST Practitioner Security Analyst (CPSA)

The CREST Practitioner Security Analyst is an entry level exam that tests a candidate’s knowledge in assessing operating systems and common network services.

Certification Image
Book your CPSA exam

CREST Registered Penetration Tester (CRT)

The CREST Registered Penetration Tester exam is recognised by Governments and regulators around the globe.

Certification Image
Book your CRT exam

CREST Certified Tester - Infrastructure (CCT INF)

The CREST Certified Tester - Infrastructure exam is a rigorous assessment of the candidate’s ability to assess a network for flaws and vulnerabilities at the network and operating system layer.

Certification Image
Book your CCT INF exam

CREST Certified Tester - Application (CCT APP)

The CREST Certified Tester - Application exam will test candidates on finding known vulnerabilities across common networks, applications, infrastructures and databases, as well as containerisation, cloud and macOS.

Certification Image
Book your CCT APP exam

Being a CREST qualified individual could make you eligible for the following programmes

Australian CORIE framework - more info coming soon

MAS Singapore pen testing guidelines - more info coming soon

CSA Singapore pen testing guidelines - more info coming soon

UK Cabinet Office GovAssure - more info coming soon

DSA Country of Georgia - more info coming soon

UK Cyber Security Council - more info coming soon

Dubai Cyber Force Program

UK NCSC CHECK scheme

Hong Kong HKMA (iCAST)

What people are saying...

“I really like that CREST moved the CRT exam to the regular testing centres, as it makes the certification more accessible than ever. The exam is straightforward and tests the knowledge in several networking and web application testing categories. Exam tasks are well-defined and easy to follow. Shouldn’t be a problem for people working on penetration testing engagements to pass the exam on the first attempt if they manage the time the right way (read the CRT top tips pdf!). For the beginners in this area, you should learn the processes and tools usage based on the syllabus and you should be able to pass. Careful though, the exam is closed book, as opposed to the previous version, and it is only 2.5 hours in duration, so one must manage time the right way (I would love to have additional 45 minutes on my exam day). Honestly, it was a pure enjoyment to play with the exam infrastructure that was stable, fast, and easy to use.”

Peter Petrunic, Eduron

“The updated CRT certification provides a great way for testers to demonstrate that they possess the necessary practical and technical skills, which is required in conducting both infrastructure as well as web application penetration test engagements. The updated CRT exam is also a breeze to book and intuitive to take. The exam can now be taken at a huge number of regionally based exam centres, is also a very welcome change.”

Guy Liu, Head of Cyber Security, Air IT

5-star rating

Why CREST?

Whether you’re looking for globally recognised certifications or trusted suppliers of cyber services, we are committed to building cyber excellence across the globe by creating a community of individuals and organisations that are as dedicated to building a safer digital world as we are.

But it’s not just about us; collaboration is at the heart of our mission. That’s why we work with government organisations, community supporters, and discipline communities and focus groups to build a community that provides opportunities to enhance capability and raise awareness of cyber security across a whole range of industries.