London software testing news UK

Pen testing regulatory body launched in London

Posted in security testing by testing in London on April 25, 2008

From Heise Online

The Council of Registered Ethical Security Testers (CREST) was formally launched at the Infosecurity Europe expo in London. Born of the recognition that there was no assurance framework for security services providers in the private sector analogous to the government CLAS scheme, CREST was initiated in early 2007 to provide a “kite mark” for security testers serving commerce and industry.

Consultation with security testing professionals revealed that there were at that time no defined standards or formal tests of competence. Around 30 specialist companies therefore pooled resources to develop a framework of standards and examinations that would serve as a common criterion of competence for both companies and individuals. Processes were then developed to support the framework. The initiative is well supported in government circles. The examinations have been accepted as comparable with CLAS lead auditor qualifications – to the extent that a pass in the CREST exam qualifies the recipient, as if under CLAS, to work on government projects.

The consortium went live in early 2008 as a not-for-profit organisation offering technical examinations for individuals and an assurance framework for companies to apply in validating their staff on commercial and ethical criteria. Two tracks of examinations for individuals are currently offered: infrastructure testing and application testing, with an emphasis on web applications. The examinations are in three parts: a black box practical, a multiple-choice theory paper drawn from a large pool, and a discursive answer theory paper. The latter, although currently unusual in technical examinations, was included specifically to validate the communication skills of candidates, as this is seen as a critical component of the consultancy role.
