CREST announces first companies accredited to OWASP Verification Standard (OVS)

CREST announces first companies accredited to OWASP Verification Standard (OVS)

By CREST
Oct 28, 2022
2 minutes

28 October, 2022 CREST, the international not-for-profit, membership body representing the global cyber security industry, has announced Across VerticalsNettitudePentest PeopleTrustwave and VerSprite as the first companies to be awarded accreditation to its OWASP Verification Standard (OVS) program, a quality assurance standard for the global application security industry.

Developed in consultation with the Open Web Application Security Project (OWASP), this first of its kind accreditation gives buyers of application security testing services the peace of mind that they are working with ethical and capable organisations with skilled and competent security testers. This in turn provides consumers with increased trust when purchasing mobile and web apps.

"Congratulations to Across Verticals, Nettitude, Pentest People, Trustwave and VerSprite. CREST OVS is setting new standards in web and mobile application security. Accreditation to the OVS program demonstrates that their application security assessment services provide the highest level of assurance," said Rowland Johnson, president of CREST. "The program has a series of explicit requirements that are designed to assess and harness the capabilities of an organisation, along with the skills and competencies of its individual security testers."

CREST OVS program accreditation demonstrates an organisation's ability to execute and deliver assessments related to Level 1 and Level 2 of the OWASP Application Security Verification Standard (ASVS) and OWASP Mobile Application Security Verification Standard (MASVS). Both ASVS and MASVS are OWASP projects, developed by the technical AppSec community to establish an open-source framework of security requirements for designing, developing and testing secure mobile and web applications.

"CREST and OWASP have taken an important step for the cybersecurity industry as the market demands and deserves clear access to organizations that can deliver quality-assured application security testing," said Chris Oakley, Vice President of Technical Services at Nettitude. "We are delighted to be one of the first organizations to achieve this accreditation maintaining our proud record of being certified by CREST across all their disciplines."

By leveraging ASVS and MASVS, CREST is formally supporting the open-source community to build and maintain global standards. CREST and OWASP are both non-profit organisations. and share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards.

"High quality and consistency are the most important thing at SpiderLabs," explained Tanya Secker, EMEA Director at Trustwave SpiderLabs. "We already included mapping to ASVS within our methodologies and align closely with all OWASP methodologies, so CREST OVS seemed like the natural approach to further enhance our delivery within the application security services space."

To apply for the OVS program, companies need to be accredited to the CREST Penetration Testing discipline. For more information on eligibility and how to become CREST OVS accredited, please visit the OVS pages on the CREST website.

"CREST OVS provides an assurance to customers who are genuinely interested in a high quality and standards-based penetration testing," said Saurabh Sarawat, Founder & Managing Director, Across Verticals. "At Across Verticals we see this accreditation to be in line with our philosophy of benchmarking and competing internationally."

Andrew Mason, Co-Founder of Pentest People, said: "Pentest People are always trying to innovate and stay one step ahead of the industry, this is why we have chosen to offer the CREST OVS program, which offers an in-depth security assessment, utilising our specialist consultants. This type of assessment should be undertaken by security mature clients as an additional layer of assurance that the application, underlying server and internal processes are at a high standard."

Tony UcedaVélez, founder and CEO of VerSprite, said: "CREST is looking to level-set what is exploit testing, and they are committed to a communal approach in doing that, embracing frameworks and control sets from a multitude of reputable sources and linking with leaders in the industry to elevate requirements for exploit testing. We could not pass up the opportunity to be a part of that change as a global cyber security firm."

CREST has also launched its enhanced 'Find a Supplier' platform, to include options for OVS and all other CREST programs and accreditations, as well as regulator-led schemes. It has been designed to make searching for and selecting the right cyber security supplier simpler and more intuitive for buyers.

About CREST

CREST is an international not-for-profit, membership body representing the global cyber security industry. Its goal is to help create a secure digital world for all by quality assuring its members and delivering professional certifications to the cyber security industry.

CREST accredits almost 300 member companies, operating across dozens of countries, and certifies thousands of professionals worldwide. It works with governments, regulators, academia, training partners, professional bodies and other stakeholders around the world. CREST members undergo a rigorous quality assurance process and employ competent professionals. Organisations buying their cyber security services from CREST members do so with confidence.

For media enquiries:

Heike Anderhub, heike.anderhub@crestapproved.org