Released: 3 January 2024

RedHunt Labs, a UK-based holistic Attack Surface Management and Continuous Security Testing company, proudly announces its accreditation from CREST for its penetration testing services. CREST is an International not-for-profit, membership body representing the global cybersecurity industry. 

By obtaining the CREST accreditation, RedHunt Labs has undergone a rigorous evaluation process, validating its technical proficiency, ethical conduct, and adherence to industry best practices. CREST accreditation means that the quality of RedHunt Labs’ services has been externally validated. This ensures clients can have great confidence in the penetration testing service being delivered, and that the processes and policies in place provide the highest quality of service. 

In endorsing RedHunt Labs’ achievement, Rowland Johnson, President of CREST, stated, “CREST is delighted to welcome RedHunt Labs as an accredited member company. RedHunt Labs has been through a demanding assessment process that examined test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders, as well as how test data security is maintained. RedHunt Labs’ membership for its penetration testing services demonstrates that the company consistently delivers the highest professional security services standards to its customers.” 

Mr. Sudhanshu Chauhan, Director/ Co-founder of RedHunt Labs, expressed his excitement about the accreditation, stating, “We are thrilled to receive the CREST accreditation, a testament to the hard work and expertise of our team. This recognition reinforces our commitment to providing top-notch cybersecurity services that empower organizations to defend against evolving cyber threats and help organizations continuously secure their external Attack Surface.” 

While leaving a comment about this achievement, Mr. Shubham Mittal, Co-founder of RedHunt Labs, mentioned, “As cyber threats continue to evolve, organizations face increasing challenges in securing their digital assets. RedHunt Labs, with its CREST-accredited penetration, stands as a trusted partner and assures our clients or any organization seeking robust cybersecurity measures that we adhere to the industry’s most stringent ethical and technical standards.” 

For more information about RedHunt Labs and its CREST-accredited penetration testing services, please visit https://redhuntlabs.com/ or write to us at contact@redhuntlabs.com. 

About RedHunt Labs 

RedHunt Labs is a UK Based Attack Surface Management company, that helps organizations keep track of their true Attack Surface on a continuous basis and identify security risks and exposures before attackers do. RedHunt Labs helps organizations capture their Unknown Unknowns, including Untracked Assets, Shadow IT, Crown Jewels, etc. which can expose a security misconfiguration or sensitive data. 

About CREST

CREST is an international non-profit membership organization that represents the global cybersecurity industry. CREST boasts over 350 accredited member companies and certifies thousands of professionals worldwide. Collaborating with governments, regulators, academia, training partners, professional bodies, and various stakeholders, CREST is dedicated to elevating and setting standards in the global cybersecurity industry.

The post RedHunt Labs Achieves Prestigious CREST Accreditation for Penetration Testing Services appeared first on CREST.

Released: 5 December 2023

AMATAS, a visionary cybersecurity managed services provider, proudly announces its accreditation as a CREST Penetration Service Provider, offering a shield of cutting-edge solutions to safeguard businesses against the ever-evolving tide of cyber threats. This marks a significant milestone as AMATAS solidifies its position as a beacon of trust and expertise in cybersecurity.

With an arsenal of highly skilled in-house experts, AMATAS boasts a legacy as one of the most trusted cyber security specialists in the market. Our mission transcends conventional cybersecurity; we strive to empower businesses of all sizes with fully managed cyber governance, operations, and awareness services, even in the face of limited security resources or expertise. Founded by cybersecurity visionaries, AMATAS is driven by the aspiration to embolden organizations to realize their full potential, unshackled by the fear of cyber threats and attacks.

As a CREST Penetration Service Provider, AMATAS offers a suite of services that redefine cybersecurity excellence. Our CREST-certified Penetration Testing services encompass web application, infrastructure, wireless, mobile application testing and cloud environment assessments. Each meticulous evaluation enhances your digital resilience and arms you with actionable insights to combat modern cyber threats.

“CREST accreditation is a testament to our unwavering commitment to delivering world-class penetration testing services. This accomplishment underlines our dedication to maintaining the highest cyber security practice and ethical conduct standards. As we continue to navigate an increasingly digital world loaded with ever-evolving threats, our customers can now have added assurance in partnering with a company that meets the rigorous standards set by CREST. Achieving this accreditation is not just a milestone for our team but a promise of quality and trustworthiness to our valued customers”, shared Boris Goncharov, AMATAS Chief Strategy Officer. 

AMATAS’ CREST accreditation is a testament to our dedication to digital security, a pledge to transform vulnerabilities into strengths, and an unwavering commitment to realizing your business’s true potential, unburdened by the shadow of cyber risks.

About AMATAS

AMATAS is a pioneering force in the cybersecurity realm, driven by the vision of creating a digitally secure world. With a team of adept in-house experts, AMATAS offers fully managed cyber governance, operations, and awareness services to businesses of all sizes. Our commitment is to deliver competent, diligent, and cost-effective managed cybersecurity services while enabling our clients to unleash their potential without the fear of cyber threats and attacks.

Contacts

Phone: +359 899 911 911
Email: office@amatas.com
Website: Fully Managed Cybersecurity Services | AMATAS
LinkedIn: https://www.linkedin.com/company/amatas-ltd
Twitter: AMATAS (@AmatasOfficial) / Twitter

About CREST

CREST is an international non-profit membership organization that represents the global cybersecurity industry. CREST boasts over 350 accredited member companies and certifies thousands of professionals worldwide. Collaborating with governments, regulators, academia, training partners, professional bodies, and various stakeholders, CREST is dedicated to elevating and setting standards in the global cybersecurity industry.

The post AMATAS Achieves CREST Penetration Service Accreditation appeared first on CREST.

29 October 2023

IARM, a renowned cybersecurity leader, is proud to announce its achievement of CREST-accredited member status for its penetration testing services in Asia. CREST, an international non-profit organization representing the global cybersecurity industry, thoroughly evaluated IARM’s penetration testing services to ensure they meet CREST’s rigorous criteria. This accreditation attests that IARM’s penetration testing services have undergone external validation, assuring clients of the quality and reliability of the service they receive, all underpinned by robust processes and policies.

“This prestigious accreditation emphasizes IARM’s commitment to maintaining the highest standards in security testing and consulting services. CREST is internationally recognized for its stringent certification standards, and IARM takes great pride in not only meeting but exceeding these benchmarks,” remarked Ganesh Narayanan, Co-Founder at IARM. “This accomplishment stands as a testament to our unwavering commitment to delivering outstanding cybersecurity services to our clients, underscoring our steadfast pursuit of remaining at the forefront of the industry.”

“CREST is delighted to welcome IARM as an accredited member company,” commented Rowland Johnson, President of CREST. “IARM successfully navigated our rigorous assessment process that scrutinized test methodologies, legal and regulatory compliance, data protection standards, logging and auditing, internal and external stakeholder communications, as well as data security maintenance. IARM’s membership for its penetration testing services demonstrates the company’s consistent delivery of the highest professional security service standards to its customers.”

About IARM

IARM Information Security is a leading provider of cybersecurity services, dedicated to assisting businesses in safeguarding their digital assets and fortifying their defenses against emerging cyber threats. With offices in India, the USA, and Singapore, IARM offers an array of services meticulously designed to ensure the security and integrity of clients’ IT and OT environments. IARM’s professional Penetration Testing services exceed traditional assessments by conducting both automated and manual penetration tests, guaranteeing precision with zero false positives. For more information about cybersecurity services, please visit www.iarminfo.com

About CREST

CREST is an international non-profit membership organization that represents the global cybersecurity industry. CREST boasts over 350 accredited member companies and certifies thousands of professionals worldwide. Collaborating with governments, regulators, academia, training partners, professional bodies, and various stakeholders, CREST is dedicated to elevating and setting standards in the global cybersecurity industry.

The post IARM achieves CREST accreditation for penetration testing appeared first on CREST.

26 May 2023

Assure Technical, a leading UK based cyber security company, is proud to announce its launch as a CREST Penetration Service Provider, offering cutting-edge solutions to protect businesses from evolving cyber threats. With a team of highly skilled in-house experts and a pedigree of being one of the most trusted cyber security specialists on the market, Assure Technical is poised to deliver unparalleled penetration testing services to clients worldwide.

Cybersecurity threats are constantly evolving, and organisations must remain proactive in safeguarding their critical assets and data. By partnering with Assure Technical, businesses can gain access to advanced penetration testing techniques and industry-leading expertise. Their CREST approved Penetration Testing methodology represents a gold standard in the cybersecurity domain, ensuring rigorous testing that mimics real-world attack scenarios.

“Assure Technical recognised the value of CREST membership to its fast-growing business and made the decision to invest in its people, processes and systems to meet the high standards required,” said Rowland Johnson, President of CREST. “The company’s CREST accreditation reflects this commitment and puts Assure Technical in a strong position to deliver high-quality, validated penetration testing services to its existing and new clients.”

As a CREST Penetration Service Provider, Assure Technical offers a comprehensive suite of services designed to identify vulnerabilities, assess risks, and fortify defences. These services include:

Infrastructure Testing – A thorough assessment of network infrastructure, systems, and devices to detect vulnerabilities and potential entry points for malicious actors.

Web Application Testing – In-depth analysis of web applications to uncover vulnerabilities, prevent data breaches, and ensure compliance with industry standards.

Mobile Application Testing – Rigorous testing of mobile applications to identify vulnerabilities and secure sensitive user information.

Social Engineering Assessments – Assessing an organisation’s susceptibility to social engineering attacks, such as phishing, to educate employees and enhance overall security awareness.

Assure Technical’s team of experienced professionals possess extensive knowledge and hands-on expertise in the cybersecurity field. They employ the latest tools, methodologies, and industry best practices to deliver accurate, actionable reports that enable organisations to make informed decisions regarding their security posture.

“We are thrilled to launch as a CREST Penetration Service Provider,” said Assure Technical’s Managing Director, Pete Rucinski. “With cyber threats on the rise, it has become imperative for businesses to proactively address vulnerabilities in their networks, applications, and systems. Our CREST certified experts are ready to assist organisations in identifying weaknesses and implementing robust security measures to safeguard their critical assets.”

Assure Technical is dedicated to building long-term partnerships with clients, offering personalised solutions tailored to their unique security requirements. The company’s commitment to exceptional service,  quick response times, and continuous improvement sets them apart in the industry.

For more information about Assure Technical’s CREST Penetration Testing Services, or to request a complimentary consultation, please visit www.assuretechnical.com, email hello@assuretechnical.com or call +44(0)1684 252 770. 

About Assure Technical

Assure Technical is a leading provider of cybersecurity solutions, specialising in CREST Penetration Testing services, based in Malvern, UK.

Since 2011, they have helped 750 diverse organisations improve their digital security and resilience. Their team consists of technical security professionals who draw on their wealth of experience to provide bespoke advice and support to help their clients protect their assets.  Their verified 4.9* rating on Trustpilot rating makes them one of the most trusted cyber security providers in the UK and beyond.

Media Contact

Vicki Rucinski
Assure Technical
marketing@assuretechnical.com
+44(0)1684 252 770

The post Assure Technical Achieves CREST Penetration Testing Service Provider Status appeared first on CREST.

27 April 2023

Securin Inc, a leading provider of tech-enabled cybersecurity solutions, has been awarded CREST Accreditation for Vulnerability Assessment and Penetration Testing.

CREST is an internationally recognized organization that provides accreditation for companies that meet rigorous standards for information security, process capabilities, and security policies. This certification provides an objective and independent evaluation of Securin Inc.’s security protocols and ability to provide high-quality security services.

“We are excited to receive the CREST accreditation for our Penetration Testing and Vulnerability Assessment services,” said Aaron Sandeen, CEO and Co-founder of Securin. “This recognition reiterates our commitment to provide our customers with the highest quality of cybersecurity services through strong operation procedures, data security policies, and technical expertise.”

With over 100+ Pentesters, threat hunters, and security analysts, Securin’s Penetration Testing and Vulnerability Management solutions are helping customers worldwide to improve their security posture against evolving threats.

“We congratulate Securin in achieving CREST accreditation for Vulnerability Assessment (VA) and Penetration Testing. The accreditation is a strong endorsement of the teams and the commitment to robust business processes, data security, and testing methodologies,” said Tom Brennan, CREST Executive Director, Americas. “It also reflects the growing influence of CREST across the Americas and the growing demand for highly-skilled penetration testing and vulnerability assessment services from trusted providers that can demonstrate internationally-recognized, independent validation.”

With the CREST accreditation, Securin Inc joins a select group of companies that have demonstrated their technical capabilities and expertise in providing high-quality cybersecurity solutions. The accreditation further strengthens Securin Inc’s position as a trusted cybersecurity partner for organizations of all sizes and industries.

About Securin Inc

Securin is a leading provider of tech-enabled cybersecurity solutions, helping hundreds of customers worldwide gain resilience against emerging threats. Our products and services are powered by accurate vulnerability intelligence, human expertise, and automation, enabling enterprises to make critical security decisions to manage their expanding attack surfaces.

Contact
Email – marketing@securin.io
Phone – 505-302-1113
Website – securin.io

The post Securin Inc Achieves CREST Accreditation appeared first on CREST.

20 April 2023

CREST is delighted to welcome its newest members:

Accorian

Accorian is an established cybersecurity advisory firm with a global clientele that assists businesses of all sizes in improving their cybersecurity posture through compliance readiness, audit and penetration testing services, and meeting long and short-term staffing needs. Their team comprises cybersecurity and IT industry veterans who have held leadership and CXO roles at large global enterprises. 

They average over ten years of combined experience in information security and technology as auditors, implementers and testers. Besides penetration testing services, they offer compliance services (readiness and assessment/audit) that include HITRUST, SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA, GDPR, etc.

Axiata Digital Labs

Axiata Digital Labs is an innovative software service provider, offering telco-focused digital and IT services and solutions that enable individuals, enterprises, and society as a whole. With over 1,300 professionals spread across 3 countries, we help global customers in the space of telecommunications, digital services and financial services.

Our convergent digital design experiences, innovative platforms and reusable assets connect numerous technologies to deliver tangible business value and experience to our customers. Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia, a leading group in telecommunication services in Asia.

Blackfoot UK Ltd

Blackfoot UK Ltd is a Cyber Security Governance and Assurance business.

Our mission is to ensure our clients are protected against cyber security threats through expert advice, pro-active governance, well planned incident response, technical assurance, and by being a trusted cyber security partner.

We believe it’s uneconomical to protect everything against every possible threat, that’s why we work with each of our clients to create a practical, bespoke approach to cyber security.

Blaze Information Security

Blaze Information Security is a privately held cybersecurity firm born from years of combined experience and international presence, serving over 180 customers in 25 countries.

Blaze offers custom solutions to increase the cyber resilience of organizations worldwide. Our elite team of ethical hackers has the technical excellence and unparalleled experience to deliver complex projects for enterprises and SMBs in industries that include banking, technology, energy, e-commerce, startups, and many more.

Cyphere

Cyphere is a security services provider helping organisations secure their most prized assets. We are not a ‘report and run’ consultancy.

Cyphere provides technical security assessments and managed security services. To understand, analyse and help solve customer business problems.

We take this approach a step further by consulting customers around risk remediation strategies including vulnerability prioritization and triage and risk remediation process.

ECQ

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning. Since its establishment, ECQ provides superior consultancy services to clients in many different industries, including financial sector, infrastructure, service providers and
government agencies.

ECQ is highly trusted by many enterprises internationally to provide in-depth security assessment, highly resilient security designs, and innovative security technologies. With its current presence in the Singapore, Thailand, Vietnam, and USA, ECQ aims to continuously deliver high quality security services to many diverse customers around the globe.

Orro Pty Ltd

Orro is a leading Australian technology partner with deep expertise in cyber security and the design, construction and operation of secure networks and digital infrastructure. Our extensive cyber security services for enterprise-grade networks and critical infrastructure help some of Australia’s biggest brands to navigate the risks associated with cyber threats and attacks.

Secura BV

Established in 2000 in the Netherlands, Secura is an independent, specialized security expert with offices in Eindhoven and Amsterdam. In this fast pace ever-changing digital environment we help organizations take control of their digital security with a holistic security approach to meet their needs in information security from a people, process and technology perspective. With our activities in Benchmarking & Certification at NL, EU & Global level, we aim to drive industry maturity and provide world-class services to our clients to continuously improve their security posture.

Securin Inc

Securin is a leading provider of tech-enabled cybersecurity services, helping hundreds of customers worldwide gain resilience against emerging threats. Powered by accurate vulnerability intelligence, human expertise, and automation, our products and services enable enterprises to make critical security decisions to manage their expanding attack surface.

Securin is built on the foundation of in-depth pentesting and vulnerability research to help organizations continuously improve their security posture.

Securin offers a comprehensive portfolio of tech-enabled services, including Attack Surface Management (ASM), Vulnerability Intelligence (VI), Pentesting, and Vulnerability Management. These capabilities allow our customers to gain complete visibility of their attack surface, stay informed of the latest security threats and trends, and proactively address their risks.

SecurityHQ Ltd

SecurityHQ is a Global Managed Security Service Provider (MSSP), that detects, and responds to threats, instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities, to accelerate business and reduce risk and overall security costs.

Since our establishment in 2003, SecurityHQ has evolved into the most advanced Managed Security Service providers globally, with Security Operation Centres spread across the United Kingdom, the Middle East, Americas, India, and Australia. We realized that some of the greatest risks to our clients way of life are propagated via digital risks in a data driven world.

The post Welcome to our newest members appeared first on CREST.

30 March 2023

To comply with the highest audit standards, Secura can now offer CREST approved audits for pen testing and vulnerability assessments.

CREST is an independent, non-profit organization that sets professional standards for Pentesting in an unregulated environment. Their accreditations confirm the abilities of Pentesting companies; up-to-date knowledge and skills, the right processes in place, and compliance with regulatory standards. Also, you can be sure that the accredited company is responsible for dealing with you and your environment.

For Secura, consistency and accuracy in our testing process have always been important. With this new CREST accreditation, we can now also deliver our pen testing and vulnerability assessments according to the highest industry standard. Working and delivering according to the CREST processes confirms the consistency of our approach. This gives our customers the confidence that we will deliver as promised. Also, it makes it easier to compare tests and see progress over time.

Secura will help financial organizations leverage CREST to consistently manage their IT risk and related test programs, in compliance with the up and coming Digital Operational Resilience Act (DORA)

“Recognising the vital role of penetration testing for its ever increasing client base, Secura can now give customers the added assurance that its services meet the highest standards, by successfully going through the CREST accreditation process,” said Rowland Johnson, President of CREST. “Secura’s accreditation reflects its commitment to invest in the people, processes, methodologies and systems to deliver internationally recognized and trusted services.”

Anne de Nies, Manager Finance Market Group, comments – “I’m proud to say that we are certified against the high international standard of CREST. We believe we are doing the right thing, with the right skilled people and according to good practices. To have an external party confirm that is valuable.”

The benefits of this new certification include:

•          Consistency in test approach; see progress over time.

•          Help customers build a solid test program to comply with DORA.

•          Confidence in the knowledge and skills of Secura testers

About Secura

Secura is a leading expert in digital security. Our customers range from government and healthcare to finance and industry. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience. Since 2021, Secura is part of the Bureau Veritas Group.

The post Secura is proud to announce CREST certification appeared first on CREST.

9 March 2023

CREST is delighted to welcome its newest members:

Amicis R3 Limited

Amicis are end-to-end cyber resilience specialists. We understand that as your business grows, you do not want to worry about cyber attacks and you want certainty they are being prevented.

Through our detection, visibility, attack prevention and security service we will operationally enable you to grow, innovate and differentiate your business, without the fear of an attack destabilising your progress.

We prevent attacks from causing damage that keeps security leaders, government officials and business owners awake at night. Once secured, an in- depth report and remediation plan is established with ongoing managed resilience and proactive threat hunting.

Ankura

Ankura designs, develops, and executes tailored solutions and strategies designed for today’s ever-changing business environment.

Our senior-level advisors have provided valuable insights in all types of situations, from government issues to complex business challenges and legal proceedings.

Ankura solves the most mission-critical and complex cybersecurity challenges by helping our clients respond, mitigate, and recover more quickly in the event of a cyber-attack, insider threat, or data breach.

Bishop Fox

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments.

We focus on offensive security because we believe securing modern organizations requires a “forward defense” approach that proactively uncovers and eliminates exposures before they are exploited.

Our Cosmos ‘Continuous Offensive Security Platform’ proactively defends dynamic attack surfaces by combining advanced technology, automation, and expert-driven testing to continuously identify and help you remediate high-risk exposures and emerging threats.

Cytix Ltd

Cytix seamlessly integrates a combination of automation and human pentesters into the fabric of your IT estate.

We are meeting the demand for on-demand cyber security through a revolutionary SaaS Platform that integrates vulnerability management and expert security consultants into organizations at every step in the journey.

Eleks Software UK Limited

ELEKS is the partner of choice for many of the world’s leading enterprises and technology companies. With more than 2,000 experts across Europe, the US and Canada, ELEKS helps businesses elevate their value through custom software development, product design, QA and consultancy services.

Featured services and areas of expertise:

• Product Design
• Full-Cycle Custom Software and Application Development
• Security Advisory Services
• PoC Development and Feasibility Study
• Data Science
• Blockchain Solutions
• Capacity Services and Smart Teams

Entelgy Innotec Security

InnoTec is a wholly-owned subsidiary of Entelgy Group specializing in cybersecurity, intelligence and risk management. Founded in 2002, we employ over 350 highly qualified professionals worldwide that provide best-in-class security services backed by our Advanced Security Operations Center (SmartSOC).

Our experience and deep commitment are endorsed by over 250 clients, including major public organizations and top companies in the countries we operate in.

We are technologically independent and our security solutions have been designed with an integrated approach to protect all your organization’s assets.

Intrix Cyber Security

Intrix Cyber Security, based in Sydney Australia. Intrix Cyber Security specializes in providing penetration testing, offensive security, and managed security services to organisations of all sizes, helping them identify and mitigate potential security threats to their networks and systems.

OISSG Consultancy

OISSG Consultancy is specialized in the field of Information Security. It is a pure-play security services consulting firm based in Doha, Qatar.

We have a dedicated team in Qatar, comprising of professionally qualified consultants in Information Security Practice with technical/audit/management skills and certifications in CISSP, OSCE, OSCP, CEH, CCIE, ISO 9001, ISO 27001, CISA, RHCE, MCSE, ISO 20000, CISM, ISO 22301, and various technology certifications.

OP Innovate Ltd

OP Innovate was established in 2014 to defend global enterprises from the increasing demands of organizational cybersecurity. Our experience in the field is extensive with unmatched expertise in cyber research, penetration testing, incident response, training and forensics. We are headquartered in Israel and are exposed to cutting-edge responses to today’s most critical cybersecurity concerns. This knowledge allows us and our customers to remain ahead of the curve.

Orenda Security LLC

Orenda Security consultants conduct industry-leading assessments and penetration testing methodology practices and will customize assessments to meet security standards, such as PCI DSS penetration testing requirements.

Periculo

Periculo is a Cyber Security Consultancy providing a variety of services, from penetration testing to managed ISO27001. We have experience in all sectors, especially, Finance, Health, Medical devices, Software as a Medical Device (SaMD) and the third sector. Our services include being a Cyber Essentials, Cyber Essentials Plus and IASME Assured accreditation body. Our speciality is working with companies who wish to reduce risk and increase efficiency rather than tick boxes and on this basis we form strong, long lasting partnerships.

Spyrosoft Ltd

Spyrosoft specializes in comprehensive IT and Cybersecurity services for sectors including, but not limited to Automotive, Geospatial, Healthcare & Life sciences, Industry 4.0, Financial, Employee Experience & Education. We are proficient in Offensive Security services, threat modelling, code review, vulnerability management and a wide range of consulting services which include also blue teaming and security architecture. We share the highest ethical professional values and quality of work is always our main principle.

The post Welcome to CREST’s newest members appeared first on CREST.

3 March 2023

Three more companies have become accredited to the CREST OVS Program, a quality assurance standard for the global application security industry.

The latest companies to become accredited to CREST’s OWASP Verification Standard (OVS) Program are: LE Global Services, Pen Test Partners and URM Consulting Services.

Congratulations to all three members!

They join Across Verticals, Nettitude, Pentest People, Trustwave and VerSprite in being able to offer CREST-accredited OWASP Application Security Verification Standard (ASVS) and/or Mobile Application Security Verification Standard (MASVS).

Developed in consultation with the Open Worldwide Application Security Project (OWASP), this first of its kind accreditation gives buyers of application security testing services the peace of mind that they are working with ethical and capable organisations with skilled and competent security testers. This in turn provides consumers with increased trust when purchasing mobile and web apps.

The CREST OVS accreditation demonstrates an organisation’s ability to execute and deliver assessments related to Level 1 and Level 2 of the OWASP ASVS and OWASP MASVS. Both ASVS and MASVS are OWASP projects, developed by the technical AppSec community to establish an open-source framework of security requirements for designing, developing and testing secure mobile and web applications.

CREST and OWASP are both non-profit organisations, and share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards.

To apply for the OVS Program, companies need to be accredited to the CREST Penetration Testing discipline. For more information on eligibility and how to become CREST OVS accredited, please visit the OVS pages on the CREST website.

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

For more information on CREST: www.crest-approved.org

For media enquires contact: Allie Andrews, allie.andrews@crest-approved.org

About OWASP

The Open Worldwide Application Security Project (OWASP) is a non-profit foundation that works to improve the security of software. It includes:

• Community-led open source software and documentation projects
• Over 250+ local chapters worldwide
• Tens of thousands of members
• Industry-leading educational and training conferences

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All OWASP projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

The post CREST welcomes its newest OVS companies  appeared first on CREST.

In aerospace and aviation, the physical aspects of safety are no longer exclusively synonymous with security. The CAA has also decided to focus on cybersecurity with the introduction of ASSURE.

PwC has recently announced a new accreditation with the Civil Aviation Authority and CREST. The CAA ASSURE accreditation introduces a new cybersecurity audit model for third parties providing services to the Aerospace industry. Within this, there are a new set of requirements that ensure cybersecurity providers are subject to a rigorous and continuous accreditation process under the ASSURE Scheme.

This scheme is part of the wider UK Aviation Cyber Strategy, in which the CAA has set out an approach that ensures cybersecurity will continue to be collaborative and supportive for the sector. The CAA’s vision is that the UK’s transport sector remains ‘safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world’. As part of this, the CAA was tasked by DfT to develop and implement a regulatory framework for cybersecurity, as well as facilitating oversight of the industry’s activities that relate to mitigating potential cyber risks for civil aviation in the UK.

The CAA has reformatted the Cyber Assessment Framework (CAF), developed by the NCSC, specifically for aviation, in which it will be used by aviation organisations to self-assess against fourteen principles across four broad objectives. ASSURE Cyber Suppliers and Cyber Professionals will then perform an ASSURE Cyber Audit on an aviation organisation’s CAF for Aviation self-assessment.

James Hunt, Director at PwC comments – “PwC recognises ASSURE accreditation as a benefit for society through supporting aviation entities, in scope for CAP 1753, on their journey to becoming more resilient and secure. Being an accredited supplier of the CAA’s ASSURE scheme demonstrates our commitment, proven experience and capability in supporting clients in this industry to address such an important issue.”

Peter Drissell, Director of Aviation Security at the UK Civil Aviation Authority (CAA) comments – “The CAA is committed to broad and collaborative engagement with industry and key stakeholders to continuously improve our cybersecurity oversight model. “By working with CREST to develop the ASSURE accreditation scheme, the aviation industry has access to the highest levels of skill, knowledge and competence to face the changing threat landscape and encourage a proactive approach to cybersecurity.”

The benefits of this new partnership include:

• We are now an accredited ASSURE Cyber Supplier in which our staff have become accredited ASSURE Cyber Professionals across all specialism areas in the process.
• Our knowledgeable, experienced and qualified cyber professionals can be deployed to assess an audit.
• We can provide a validated opinion of ‘achieved’, ‘partially achieved’ or ‘not achieved’ with associated commentary against each CAF for Aviation contributing outcome.
• Recommendations will be provided where ‘partially achieved’ or ‘not achieved’ contributing outcomes have been identified from an ASSURE Cyber Audit.

About PwC:

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 327,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.co.uk

The post PwC announces new accreditation with the Civil Aviation Authority and CREST appeared first on CREST.