
What is CREST Penetration Testing? 

13 September 2021

How can you ensure you have outsourced your penetration testing requirements to the right provider? 

You may look at a security services provider’s experience or ask for evidence of testing conducted for other organisations. 

There is, however, another point to consider – accreditation. 

At Sapphire, we want to ensure every one of our customers has the confidence in us to implement their cybersecurity services. We provide customers with knowledge of their vulnerabilities so that they can remediate them and, in turn, reduce the attack surface.

When carrying out penetration testing or vulnerability assessment assignments, Sapphire testers adhere to guidelines, codes of ethics and principles published by several accreditation bodies, one being CREST.

But what is CREST? And how does being CREST registered act as a way of building trust between customer and provider? 


What is Penetration Testing?  

Penetration tests, or pen tests, are simulated cyber-attacks via ethical hacking to expose flaws in an organisation’s security measures.

Commissioning a penetration test or vulnerability assessment is a great way to ensure that security technologies are in place and functioning correctly. An assessment can also provide peace of mind that your software, servers, workstations and infrastructure are all behaving in a manner to protect your critical business data and reputation from external or internal attack.

A test is often a necessity due to many different regulatory compliance demands. Even when not required for compliance, a test carried out as best practice can go a long way to reassure customers and business partners alike. A penetration test is a great way to ‘prove’ changes to network infrastructure by identifying any weaknesses exposed or corrected by the changes made. It can also be used as a tool before connecting new services or applications onto a live network.

In today’s connected world, organisations of all sizes in both the public and private sectors need to be aware of the limitations of their security technologies and procedures. If you have company and/or personal data either connected to the Internet or providing access to business-critical services, then you should regularly test the security of your infrastructure.

Using custom toolkits and well-established commercial tools, the testing team can provide a unique and thorough assessment that is not possible using automated vulnerability scanners.

On completion of any test, Sapphire will complete a management report and a full technical report. The deliverables will include recommendations for technical countermeasures and other improvements where appropriate. The reports will also compare previous test results to enable our customers to evaluate ongoing patch management and configuration work effectiveness.

To give your organisation peace of mind, you may choose to appoint a trusted, specialist cybersecurity provider that employs qualified professionals to conduct your penetration testing.

Who is CREST?  

The Council for Registered Ethical Security Testers (CREST) is an international not-for-profit accreditation and certification body representing and supporting the technical information security market.  

What does a CREST certified company mean?  

CREST accreditation represents cybersecurity providers that offer the highest standard of service and most professional network or website penetration testing.  

To be certified with a CREST accreditation, a cybersecurity provider will go through a stringent assessment of:  

  • Company procedures and standards  
  • Personnel security and development  
  • Approach to testing and response  
  • Data security  

CREST guides Sapphire on preparing for penetration tests, conducting the tests consistently, and following them up effectively. CREST's guidance also provides practical advice on establishing and managing a penetration testing programme, helping organisations achieve effective, cost-effective penetration testing as part of a technical security assurance framework.

Why is CREST accreditation important for a pen testing provider?

Becoming a CREST member requires a stringent assessment process. Choosing Sapphire as your CREST penetration test team assures you that our information security methodologies can provide a strong assessment and, therefore, implementation of your security systems.  

A CREST-certified pen testing service also assures the customer that the entire pen testing process is conducted to the highest legal, ethical, and technical standards. The CREST pen testing process follows best practices in critical areas such as preparation and scoping, assignment execution, post-technical delivery and data protection.

Why choose Sapphire for your penetration testing?  

With 25 years of experience in cybersecurity, Sapphire’s pen-testing prides itself on delivering tangible results for our clients.  

Sapphire testers work within current legislation, including the Computer Misuse Act and its various amendments. Data Protection and other relevant laws and acts are observed during testing and/or data handling procedures.

Sapphire’s pen testers are ethical hackers who use custom toolkits and well-established commercial penetration testing tools to target IT systems. Our team provides a unique and thorough security assessment which is not possible using automated scanners. 

Sapphire’s CREST penetration tests utilise agile and adaptive techniques to adjust to your organisation’s systems. Our experienced penetration testers’ job is to expose any security flaws.

So, whether you are looking for support with an on-site project or require penetration testing services delivered remotely, Sapphire is here to help.

Trust is important to us. That is why we partner with our clients to provide a high standard of customer experience in delivering cybersecurity services.  

What Pen Testing services does Sapphire offer?  

Sapphire offers a range of testing services that can provide peace of mind and be flexible to your business needs. Our CREST accredited services include:  

  • External testing  
  • Internal testing  
  • Web application testing  
  • Wireless testing  
  • Remote access and VPN testing  
  • CHECK testing  
  • Device testing  
  • Firewall review  
  • Build and configuration reviews  
  • Vulnerability assessments and automated scanning  
  • Social engineering  
  • Cyber essentials  

Want to know more about our CREST accredited pen testing services?

Contact us today
