Our penetration testing and audit service includes reviewing network and web applications, wireless networks, physical security and social engineering. It is a comprehensive set of procedures and techniques that utilises testing tools, analyses results and applies crafted, manual tests to fully review your target environment.

Telephone: +44 (0) 1925 600062
Email: crest@ambersail.com
Website: www.ambersail.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Activity is an independent specialist information security consultancy helping organisations protect their data networks, business information and online assets.

Our CHECK and CREST consultants provide a full range of security testing services that assess the technical threats to an organisation's networks and applications. Expertise includes; Network Penetration Testing, Application Testing including Web and client/server applications as well as Databases, Wireless, Social Engineering, Source Code reviews and training.

Activity holds ISO 9001:2005 & ISO 27001:2005 certifications.

Telephone: +44 (0) 1252 377321
Email:  info@activityim.com
Website: www.activityim.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

BAE Systems Detica develop, integrate and manage information intelligence solutions to help our clients deliver effective and secure services to citizens and customers. We also develop solutions to strengthen national security and resilience. We.re part of BAE Systems, a global defence and security company with over 100,000 employees worldwide.

Telephone: +44 (0)1483 816000
Email: Tim.orchard@baesystemsdetica.com
Website: www.baesystemsdetica.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Telephone: + 44 (0) 207 356 5000
Email: Karl.smith@bt.com 
Website: www.bt.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

commissum is committed to delivering excellence across the whole spectrum of Information Assurance services to a cross section of private and public sector organisations. We are passionate about our clients’ ability to maximise competitive advantage and value from their information assets.


As Scotland’s only CREST company, delivering locally across the UK, the testing team has established a reputation for innovation, integrity and quality of service making commissum the ideal choice as a security testing partner.

Telephone: +44 (0) 845 644 3217
Email:  info@commissum.com 
Website: www.commissum.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Context is an independent security consultancy, to which many of the world’s most successful financial institutions entrust security evaluations of their most complex applications and architectures. Our consultants sit on industry bodies and are regarded by their peers as thought leaders in the security field. Context is a “Green Light” CESG (CHECK) service provider and a founder member of CREST (the Council of Registered Ethical Security Testers).

Telephone: +44 (0) 207 537 7515
Email:  info@contextis.co.uk 
Website: www.contextis.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Cyberis is an independent information security consultancy, providing a wide range of consultancy services. From simple vulnerability assessments to in-depth targeted attacks, Cyberis can help you identify and manage technical risks in systems and applications before these become a threat to your organisation. Our services range from simple vulnerability assessments all the way to the creation and implementation of tailored information security management frameworks. Cyberis is a company of the CESG IT Health Check Service.

Telephone: 03333 444 800
Email: crest@cyberis.co.uk
Website: www.cyberis.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

Deloitte is a global leader in helping clients manage risk and uncertainty, from the boardroom to the basement. We provide a broad array of services that allow clients around the world to better measure, manage and control risk.

We are helping our clients manage information securely. Our Information & Technology Security Group's services include identity management, application integrity, infrastructure security (e.g. CHECK, Penetration Testing) and Security Strategy/Management (e.g. CLAS, ISO27001, IAMM, DPA).

Telephone: +44 (0) 20 7936 3000
Email: aridavies@deloitte.co.uk
Website: www.deloitte.co.uk/security

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Digital Assurance is a specialist, wholly independant information security consultancy with a focus on security assessment services, information assurance consulting and security training. Digital Assurance has extensive experience of delivery a full range of technical security assessment and penetration testing services through the public and private sectors and is a member of both the CREST and CHECK schemes. Our objective is to provide comprehensive, flexible and independant security testing in any environment.

Telephone: +44 (0) 207 060 9001
Email: matt.jones@digitalassurance.com
Website: www.digitalassurance.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Dionach is certified to ISO 27001 and is a PCI ASV. We have been providing penetration testing and security auditing services for over 10 years. All of our staff focus on technical understanding, flexibility, and giving the level of service that you want. Our reports are all about practical recommendations, and helping you understand the issues and where improvements may be needed.

Telephone: 01865 877830
Email: crest@dionach.com
Website: www.dionach.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

ECSC's approach to testing is designed to help you identify vulnerabilities wherever they might exist, assess your risks, and develop appropriate protection systems.

The effective identification of your system vulnerabilities, and associated risk priorities, helps you target immediate improvements. Our testing services include:

- External penetration testing - measuring your external exposure to attack

- Internal vulnerability assessment - identifying internal weaknesses

- Code audit - uncovering system weaknesses that can lead to a breach.

Telephone: +44 (0) 1274 736233
Email: consulting@ecsc.co.uk
Website: www.ecsc.co.uk

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Gotham Digital Science (GDS) is an information security consulting firm that works with clients to identify, prevent, and manage security risks.
Gotham Digital Science clients number among the largest financial services institutions and software development companies in the world, including FTSE 100, Fortune 100, and Global 500 firms.
Whether you need to assess your systems for possible vulnerabilities, ensure compliance with regulatory requirements, or ensure that your products are built securely, GDS provides comprehensive solutions.

Telephone: +44 (0) 845 643 9220
Email: crest@gdssecurity.com
Website: www.gdssecurity.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

HP Information Security offers a comprehensive portfolio of information security and infrastructure technology and services delivered by specialist Professional Support and Managed Services teams. This includes solutions for perimeter and network security, web and email content management, data loss prevention, application services, virtualisation, remote access, mobile working, identity and access management, protective monitoring, ISO27001 compliance and penetration testing.

Telephone: +44 (0) 1908 284554
Email: jim.hardisty@hp.com
Website: www.hp.com/info/security

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Information Risk Management plc Group (IRM) are the UK's leading specialists in information risk. The company was founded in 1998 to provide advice to organisations across both the public and private sectors, a mission it continues to this day.

Offering a range of products and services from penetration testing, through payment risk consulting and legal and regulatory work to training and security awareness programmes, IRM has built up an enviable reputation amongst its extensive client base.

IRM Group.
Security | Privacy | Trust
London | Cheltenham | Dublin

Telephone: +44 (0) 1242 225 200
Email: info@irmplc.com
Website: www.irmplc.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Inner Security provides the full range of penetration testing services and all forms of security consultancy including solutions architecture, network forensics, and human security. We have a unique testing methodology and a desire to provide excellence in everything that we do.
We ensure that our people are highly professional and able to understand our customer's business and technical requirements in order to provide appropriate high quality solutions to them.

Telephone: +44 (0) 8450 098477
Email: info@inner-security.co.uk
Website: www.inner-security.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

KPMG provides independent security advisory, testing and incident response services to clients across all sectors around the globe. Our Cyber Team is comprised of technical security specialists in infrastructure and application testing, and incident response. Our client relationships are built on mutual trust and long-term commitment to providing effective and efficient solutions and quality service. We are both a CREST and CESG CHECK and CTAS security services provider.

Telephone: +44 (0) 207 311 5386
Email: infosec@kpmg.co.uk
Website: www.kpmg.co.uk/cyber

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

MDSec is an independent, vendor-neutral technical security consultancy reaching beyond penetration testing to provide the training, tools and methodologies used globally by other technical security consultancies, internal development teams and end users in the fields of Mobile, Web Application and Network Infrastructure Security.

Telephone: +44 (0) 1625 263 503
Email: contact@mdsec.co.uk
Website: www.mdsec.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

MTI deliver CREST/CHECK level penetration testing for clients in government, military and all commercial sectors. Popular assessment include:
Internal & External Penetration Testing (OSSTMM)
Web Application Security Testing (OWASP)
PCI Testing
GSI/GCSx/GSX IT Healthchecks
Citrix Testing
VOIP Infrastructure Testing
Mobile/PDA Testing
Social Engineering
Windows, Linux & Solaris hardening reviews
Network Infrastructure Reviews

MTI deliver consultancy to achieve compliance with PCI-DSS, ISO27001, GCSx CoCo and NHS-IGSoC.

Telephone: +44 (0) 1483 520200
Email: crest@mti.com
Website: www.mti.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

Telephone: +44 (0) 1256 300920
Email: info@mwrinfosecurity.com 
Website: www.mwrinfosecurity.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Nettitude delivers high quality Security testing and Compliance services across the UK and the US. As well as being a PCIDSS ASV and QSA company, Nettitude's consulting division is involved in the full Information Security lifecycle, delivering policy, procedure and technology based solutions. Security Testing is a core component of all of our engagements and we have one of the strongest lists of testimonials within this sector.

Nettitude is ISO9001, ISO27001, Investors in People, as well as a CREST and CLAS Consultancy.

Telephone: 0845 520 0085
Email: solutions@nettitude.com 
Website: www.nettitude.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

NCC Group is a leading global information assurance company, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times.

Comprising the largest single Penetration Testing team of its type in the world, NCC Group provides information security services to thousands of customers worldwide.

Our tests are performed by experienced penetration testers with a wealth of knowledge in diverse IT disciplines including; policy, design, implmentation and development.

Telephone: +44 (0) 161 209 5111
Email: pentest@nccgroup.com
Website: www.nccgroup.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Telephone: +44 (0) 1634 721855
Email: sales@nta-monitor.com 
Website: www.nta-monitor.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Obrela Security Industries provides professional and managed services to assess and manage information risk for complex enterprise environments and major domestic and Global 500 corporations

Engineered for complex enterprise environments O.S.I.'s Corporate Security Intelligence Services allow for the highest, complete and most robust protection that clients can get for money, today. We have proven these services can be delivered professionally and consistently in numerous engagements and diverse projects, addressing a multitude of information security disciplines and industry-specific requirements.

Telephone: +44(0)208 895 4105
Email: info@obrela.com
Website: www.obrela.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Telephone: +44 (0) 203 095 0500
Email: info@pentestpartners.com
Website: www.pentestpartners.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Pentura, incorporated in 2002, is a leading IT Security Specialist providing expert consultancy services combined with best of breed technologies to deliver effective security, risk and compliance solutions. Our security consultants are recognised leaders in their fields and hold accreditations with major Industry and Government schemes, including ISO27001, CHECK and CREST.

Telephone: +44 (0) 118 976 8960
Email: info@pentura.com
Website: www.pentura.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Penetration Testing is undoubtedly a specialist technical service. Delivering this service requires dedication and commitment by both the people delivering the service and the organisation that supports the people. Perspective Risk is an independent consultancy that specialises in penetration testing, we don't dilute our offering or focus away from our core service. Together with our independently verified processes (ISO9001, ISO27001, CREST Member) you can be sure you will receive an exceptional service.

Telephone: +44 (0) 1604 521111
Email: info@perspectiverisk.com
Website: www.perspectiverisk.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Portcullis Computer Security is a leading UK specialist in Information Assurance (IA) Services. Formed in 1986 our history and pedigree are unrivalled. Over three decades we have provided Security Assessment and Computer Forensic Services to public and private sector organisations.

Our services form the cornerstone of a client’s Risk Management and Reduction processes, providing unbiased advice, a thorough identification of technical risks and clear structured mitigation strategies.

Portcullis proudly supports the CREST and CHECK schemes.

Telephone: +44 (0) 208 868 0098
Email: enquiries@portcullis-security.com 
Website: www.portcullis-security.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

At PricewaterhouseCoopers we ensure that a true, reflective threat scenario is the starting point for any testing. This allows us to tailor the testing performed to maximize value for you. All of our testing is bespoke and in response to the real world threat scenarios experienced by our global client base.

Telephone: +44 (0) 7808 105804
Email: crest@uk.pwc.com
Website: www.pwc.co.uk/informationsecurity

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

ProCheckUp were formed over a decade ago, specializing in web application testing. Today, our services include penetration testing, code reviews, PCI DSS auditing and training. Communication is paramount during all our projects and we strive to maintain a personable approach, offering guidance from the initial scoping phase through to the presentation of our findings and remediation.

Telephone: +44 (0) 207 307 5001
Email: info@procheckup.com
Website: www.procheckup.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

For over fifteen years, QinetiQ's Security Health Check team has assisted government, law enforcement, defence and commercial customers by expertly simulating attacks against their systems and networks. Every engagement performed by the QinetiQ team is tailored to a customer's specific requirements. Engagements can include:

Infrastructure testing
Application testing
Wireless testing
VoIP testing
On-host auditing
Bespoke products assessments
Social engineering
'Red teaming': the ultimate, practical, real-world assessment of an organisation's security posture.

Telephone: +44 (0) 1684 896666
Email: shc@shc.qinetiq-tim.net
Website: www.qinetiq.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Sec-1 Ltd is an independent security consultancy based in the UK and founded in 2001.

Our work is backed by extensive research and development to ensure that cutting edge testing techniques are adopted across all of our assessment services.

CREST penetration testing
Application testing by CREST accredited consultants
Wireless (Wi Fi) Security Testing
Vulnerability Assessments
PCI DSS Scanning
Physical security testing and social engineering
Firewall testing

Telephone:  +44 (0) 113 257 8955
Email: info@sec-1.com 
Website: www.sec-1.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

SECFORCE is a leading vendor independent CREST penetration testing consultancy providing effective business risk intelligence and security guidance for astute organizations that view security as an essential component of their business.

Driven by a passion for security and ongoing research, SECFORCE are one step ahead of the latest threat trends and vulnerabilities, ensuring clients are afforded the very best advice and assurance.

Telephone: 0845 056 8694
Email: info@secforce.co.uk
Website: www.secforce.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

In partnership with Paladion / Plynt, a team of 85+ Security Test Engineers, with delivery centres in UK, Germany, US, Canada, UAE, Malyasia and India, provide the following services:

Web application testing and certification
Security source code review
Penetration testing
Security configuration audit

The test team is ISO27001 certified, a PCI QSA and PCI ASV, and has won several industry awards for Enterprise Security Testing and Web Application Testing and Certification.

Telephone: +44 (0)845 2270 333
Email: crest@securityalliance.co.uk 
Website: www.securityalliance.co.uk/crest-approved

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

SensePost is an independent provider of expert information security services. We have been providing penetration testing and training, vulnerability management and consultancy to a multitude of happy clients worldwide for more than a decade. We operate on an international basis across all five continents. Passion, commitment to excellence and quality define our work. Our ability to provide information security services in a comprehensive solution-focussed way and our unrivalled research set us apart from our competitors.

Telephone:
Email: info@sensepost.com
Website: www.sensepost.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Since 2001, our team has provided independent security advisory and training services, being leaders in assessing the technical threats to networks and applications.

Specific expertise that we can provide you with includes:

-Network penetration testing
-Application penetration testing
-Databases, wireless, social engineering, source code reviews
-University accredited hands-on training in penetration testing & computer forensics

Experience high quality service levels that our valued clients around the globe expect. 7Safe is a PA Consulting Group company.

Telephone:  +44 (0)870 600 1667
Email: crest@7safe.com
Website: www.7safe.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Thales is a world leader in providing cyber security systems and infrastructures for business dependant IT systems. Our strong heritage of delivering solutions to government, defence and enterprise organisations ensures we deliver value added security systems and services without compromising on performance. We provide a range of cyber security solutions from vulnerability assessments and secure data hosting to secure network development and high grade encryption, all delivered by our specialist team of cyber experts.

Telephone: (0) 7854 131 003
Email: cyber@uk.thalesgroup.com
Website: www.thalescyberassurance.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

SpiderLabs® is the advanced security team within Trustwave focused on application security, incident response, pentesting, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and many hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services.

SpiderLabs is both a CREST and CESG CHECK security services provider.

Telephone: +44 (0) 7581 414947
Email: tneaves@trustwave.com
Website: www.trustwave.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Telephone: +44 (0) 207 984 2722
Email: dave.charlton@verizonbusiness.com
Website: www.verizonbusiness.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No