Wednesday, December 25, 2024

Leeds cyber security firm among first 5 to gain CREST OVS accreditation

Award-winning cybersecurity consultancy, Pentest People, has become one of the first companies in the UK to be accepted onto the CREST OWASP Verification Standard (OVS) for application security testing.

Pentest People has satisfied the Council of Registered Ethical Security Testers (CREST) that it can deliver web application security assessments to meet both Level 1 and Level 2 of the Open Web Application Security Project’s Application Security Verification Standard (OWASP ASVS).

The new OWASP Verification Standard has been introduced to provide organisations with the assurance that accredited providers have the required skills and competencies to perform in-depth application security assessments and to ensure that the same rigorous web application testing criteria and methods are consistently applied throughout the cyber security industry.

Developed with governments, regulatory bodies and multi-national organisations with the goal of improving global application security, CREST OVS also provides mobile and web application developers with a higher level of quality assurance.

The new Pentest People CREST OVS team will be led by Alex Archondakis, head of Professional Services. Commenting on the new application security testing framework, Alex said, “The CREST OVS framework provides a common set of criteria that we use to perform rigorous application testing that goes well beyond the standard OWASP Top 10 vulnerabilities and involves source code review and a security audit of underlying databases, operating systems and internal processes surrounding the application. OVS requires testers to also assess the documentation and process flows for application logic. As such, an OVS test is likely to be requested by organisations working in regulated industries such as banking and finance.”

Accredited CREST OVS testers must examine applications against 286 separate requirements.

“We’ve added CREST OVS to our service offerings to provide security mature clients with a more in-depth assessment that not only examines an application’s external security, but also checks for vulnerabilities in source code, underlying operating system and database accounts, logic flows and internal processes. The beauty of the framework is that it shows where developers have got things right, as well as highlighting any critical flaws that they need to focus on fixing,” explains Alex Archondakis.

Andrew Mason, co-founder of Pentest People, comments, “Pentest People are always looking to innovate and enhance our services so that we stay at the forefront of the industry. CREST OVS tests, delivered by our specialist consultants, will offer security mature companies the assurance that their applications, code, underlying servers and internal processes meet the highest security standards.”

“Our consultants already include a number of CHECK team leaders and CHECK team members. We have a really high standard of security professionals working for the company. We also have our own in-house developers who can assist with source code reviews, so we’re one of the only companies in the UK that can offer both Level 1 and Level 2 OVS testing.  As part of our accreditation, Pentest People’s OVS consultants have also completed CREST’s Skilled Person Register and signed the Code of Conduct for ethical security testers.”

Led by Anthony Harvey, Gavin Watson, Robin Hill and Andrew Mason, Pentest People has grown from four to over a hundred employees within four years. The company employs a number of CHECK team leaders, who possess qualifications and penetration testing experience approved by the National Cyber Security Centre (NCSC).

To accommodate its growing team and training programme, Pentest People moved into the largest office in Leeds’ Coach Works earlier this year and opened a second office close to GCHQ’s cyber security hub in Cheltenham.

A message from the Editor:

Thank you for reading this story on our news site - please take a moment to read this important message:

As you know, our aim is to bring you, the reader, an editorially led news site and magazine but journalism costs money and we rely on advertising, print and digital revenues to help to support them.

With the Covid-19 pandemichaving a major impact on our industry as a whole, the advertising revenues we normally receive, which helps us cover the cost of our journalists and this website, have been drastically affected.

As such we need your help. If you can support our news sites/magazines with either a small donation of even £1, or a subscription to our magazine, which costs just £31.50 per year, (inc p&P and mailed direct to your door) your generosity will help us weather the storm and continue in our quest to deliver quality journalism.

As a subscriber, you will have unlimited access to our web site and magazine. You'll also be offered VIP invitations to our events, preferential rates to all our awards and get access to exclusive newsletters and content.

Just click here to subscribe and in the meantime may I wish you the very best.








Latest news

Related news