Award-winning cybersecurity consultancy, Pentest People, has become one of the first companies in the UK to be accepted onto the CREST OWASP Verification Standard (OVS) for application security testing.
Pentest People has satisfied the Council of Registered Ethical Security Testers (CREST) that it can deliver web application security assessments to meet both Level 1 and Level 2 of the Open Web Application Security Project’s Application Security Verification Standard (OWASP ASVS).
The new OWASP Verification Standard has been introduced to provide organisations with the assurance that accredited providers have the required skills and competencies to perform in-depth application security assessments and to ensure that the same rigorous web application testing criteria and methods are consistently applied throughout the cyber security industry.
Developed with governments, regulatory bodies and multi-national organisations with the goal of improving global application security, CREST OVS also provides mobile and web application developers with a higher level of quality assurance.
The new Pentest People CREST OVS team will be led by Alex Archondakis, head of Professional Services. Commenting on the new application security testing framework, Alex said, “The CREST OVS framework provides a common set of criteria that we use to perform rigorous application testing that goes well beyond the standard OWASP Top 10 vulnerabilities and involves source code review and a security audit of underlying databases, operating systems and internal processes surrounding the application. OVS requires testers to also assess the documentation and process flows for application logic. As such, an OVS test is likely to be requested by organisations working in regulated industries such as banking and finance.”
Accredited CREST OVS testers must examine applications against 286 separate requirements.
“We’ve added CREST OVS to our service offerings to provide security-mature clients with a more in-depth assessment that not only examines an application’s external security, but also checks for vulnerabilities in source code, underlying operating system and database accounts, logic flows and internal processes. The beauty of the framework is that it shows where developers have got things right, as well as highlighting any critical flaws that they need to focus on fixing,” explains Alex Archondakis.
Andrew Mason, co-founder of Pentest People, comments, “Pentest People are always looking to innovate and enhance our services so that we stay at the forefront of the industry. CREST OVS tests, delivered by our specialist consultants, will offer security-mature companies the assurance that their applications, code, underlying servers and internal processes meet the highest security standards.”
“Our consultants already include a number of CHECK team leaders and CHECK team members. We have a really high standard of security professionals working for the company. We also have our own in-house developers who can assist with source code reviews, so we’re one of the only companies in the UK that can offer both Level 1 and Level 2 OVS testing. As part of our accreditation, Pentest People’s OVS consultants have also completed CREST’s Skilled Person Register and signed the Code of Conduct for ethical security testers.”
Led by Anthony Harvey, Gavin Watson, Robin Hill and Andrew Mason, Pentest People has grown from four to over a hundred employees within four years. The company employs a number of CHECK team leaders, who possess qualifications and penetration testing experience approved by the National Cyber Security Centre (NCSC).
To accommodate its growing team and training programme, Pentest People moved into the largest office in Leeds’ Coach Works earlier this year and opened a second office close to GCHQ’s cyber security hub in Cheltenham.