What is CREST OVS

A new era in accreditation

Developed in consultation with OWASP (the Open Worldwide Application Security Project), CREST OVS is a new quality assurance standard for the web security industry.

Organisations accredited under this program will get the opportunity to access a growing app development industry worth an estimated $200 billion globally. CREST OVS is aligned to OWASP’s Application Verification Security Standard (ASVS) and Mobile Application Security Verification Standard (MASVS).

ASVS and MASVS are frameworks developed by the technical app security community to establish a framework of security requirements needed to design, develop and test secure mobile and cloud apps.

The standards can be used by mobile and web software architects and developers seeking to develop secure mobile and web applications, as well as security testers to ensure completeness and consistency of test results.

CREST and OWASP are not-for-profit organisations and CREST OVS is part of their shared vision of increasing collaboration to build on and improve global cyber security.

Benefits

Process overview

There are three steps to becoming CREST OVS accredited:

An accreditation process to ensure the organisation applying meets the program requirements
Registration of individuals with demonstrable skills and competencies in app security testing in the CREST Skilled Persons Register.
Attestation to a series of rules and principles defined within the CREST commercially Defensible Penetration Test.

The process in detail

Application and cost

The application process for CREST OVS is straightforward.

The annual fee is £2,000 ($2,500) in addition to the organisation’s normal membership fees. The fees go toward running and maintaining the program. A portion of the payment will also be shared with OWASP who maintain the ASVS and MASVS components. Click the button below for more information on cost.

Eligibility, applying & cost

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

What is CREST OVS?

A new era in accreditation

Process overview

Application and cost