Our penetration testing and audit service includes reviewing network and web applications, wireless networks, physical security and social engineering. It is a comprehensive set of procedures and techniques that utilises testing tools, analyses results and applies crafted, manual tests to fully review your target environment.

Telephone: +44 (0) 1925 600062
Email: crest@ambersail.com
Website: www.ambersail.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Activity is an independent specialist information security consultancy helping organisations protect their data networks, business information and online assets.

Our CHECK and CREST consultants provide a full range of security testing services that assess the technical threats to an organisation's networks and applications. Expertise includes; Network Penetration Testing, Application Testing including Web and client/server applications as well as Databases, Wireless, Social Engineering, Source Code reviews and training.

Activity holds ISO 9001:2005 & ISO 27001:2005 certifications.

Telephone: +44 (0) 1252 377321
Email:  info@activityim.com
Website: www.activityim.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Telephone: + 44 (0) 207 356 5000
Email: Karl.smith@bt.com 
Website: www.bt.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

commissum is committed to delivering excellence across the whole spectrum of Information Assurance services to a cross section of private and public sector organisations. We are passionate about our clients’ ability to maximise competitive advantage and value from their information assets.


As Scotland’s only CREST company, delivering locally across the UK, the testing team has established a reputation for innovation, integrity and quality of service making commissum the ideal choice as a security testing partner.

Telephone: +44 (0) 845 644 3217
Email:  info@commissum.com 
Website: www.commissum.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Context is an independent security consultancy, to which many of the world’s most successful financial institutions entrust security evaluations of their most complex applications and architectures. Our consultants sit on industry bodies and are regarded by their peers as thought leaders in the security field. Context is a “Green Light” CESG (CHECK) service provider and a founder member of CREST (the Council of Registered Ethical Security Testers).

Telephone: +44 (0) 207 537 7515
Email:  info@contextis.co.uk 
Website: www.contextis.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Deloitte is a global leader in helping clients manage risk and uncertainty, from the boardroom to the basement. We provide a broad array of services that allow clients around the world to better measure, manage and control risk.

We are helping our clients manage information securely. Our Information & Technology Security Group's services include identity management, application integrity, infrastructure security (e.g. CHECK, Penetration Testing) and Security Strategy/Management (e.g. CLAS, ISO27001, IAMM, DPA).

Telephone: +44 (0) 20 7936 3000
Email:  dheppenstall@deloitte.co.uk
Website: www.deloitte.co.uk/security

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Dionach is certified to ISO 27001 and is a PCI ASV. We have been providing penetration testing and security auditing services for over 10 years. All of our staff focus on technical understanding, flexibility, and giving the level of service that you want. Our reports are all about practical recommendations, and helping you understand the issues and where improvements may be needed.

Telephone: 01865 877830
Email: crest@dionach.com
Website: www.dionach.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

GSS deliver CREST/CHECK level penetration testing for clients in government, military and all commercial sectors. Popular assessments include:

Internal & External Penetration Testing (OSSTMM)
Web Application Security Testing (OWASP)
PCI Testing
GSI/GCSx/GSX IT Healthchecks
Citrix Testing
VOIP Infrastructure Testing
Mobile/PDA Testing
Social Engineering
Windows, Linux & Solaris hardening reviews
Network Infrastructure Reviews

GSS deliver consultancy to achieve compliance with PCI-DSS, ISO27001, GCSx CoCo and NHS-IGSoC.

Telephone: +44 (0) 845 888 6060
Email: crest@gss.co.uk 
Website: www.gss.co.uk

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

Gotham Digital Science (GDS) is an information security consulting firm that works with clients to identify, prevent, and manage security risks.
Gotham Digital Science clients number among the largest financial services institutions and software development companies in the world, including FTSE 100, Fortune 100, and Global 500 firms.
Whether you need to assess your systems for possible vulnerabilities, ensure compliance with regulatory requirements, or ensure that your products are built securely, GDS provides comprehensive solutions.

Telephone: +44 (0) 845 643 9220
Email: crest@gdssecurity.com
Website: www.gdssecurity.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

HP Information Security offers a comprehensive portfolio of information security and infrastructure technology and services delivered by specialist Professional Support and Managed Services teams. This includes solutions for perimeter and network security, web and email content management, data loss prevention, application services, virtualisation, remote access, mobile working, identity and access management, protective monitoring, ISO27001 compliance and penetration testing.

Telephone: +44 (0) 1908 284554
Email: jim.hardisty@hp.com
Website: www.hp.com/info/security

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Information Risk Management plc (IRM) is an independent information security firm, founded in 1998 to provide leading edge information security advice to organisations across both the public and private sectors.

Offering a range of services from penetration testing, through PCI DSS consultancy and QSA work to training and security awareness programmes, IRM has built up an enviable reputation amongst its extensive client base.

IRM, a founder member of CREST, is headquartered in Westminster, London with a technical centre in Cheltenham.

Telephone: +44 (0) 207 808 6420
Email: info@irmplc.com
Website: www.irmplc.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Inner Security provides the full range of penetration testing services and all forms of security consultancy including solutions architecture, network forensics, and human security. We have a unique testing methodology and a desire to provide excellence in everything that we do.
We ensure that our people are highly professional and able to understand our customer's business and technical requirements in order to provide appropriate high quality solutions to them.

Telephone: +44 (0) 8450 098477
Email: info@inner-security.co.uk
Website: www.inner-security.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Telephone: +44 (0) 1256 300920
Email: info@mwrinfosecurity.com 
Website: www.mwrinfosecurity.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Nettitude delivers high quality Security testing and Compliance services across the UK and the US. As well as being a PCIDSS ASV and QSA company, Nettitude's consulting division is involved in the full Information Security lifecycle, delivering policy, procedure and technology based solutions. Security Testing is a core component of all of our engagements and we have one of the strongest lists of testimonials within this sector.

Nettitude is ISO9001, ISO27001, Investors in People, as well as a CREST and CLAS Consultancy.

Telephone: 0845 520 0085
Email: solutions@nettitude.com 
Website: www.nettitude.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

NGS Secure - The largest single Penetration Testing team in Europe, has been formed as a result of integrating NGS and NCC Secure Test. Both organisations have excellent reputations and proven expertise working with a wide range of clients on a global basis across all market sectors.

NGS Secure offers: expert security consultancy and penetration testing; forensics; PCI DSS services; social engineering; training, managed security monitoring services and security related software solutions.

Telephone: +44 (0) 161 209 5111
Email: pentest@ngssecure.com
Website: www.ngssecure.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Telephone: +44 (0) 1634 721855
Email: sales@nta-monitor.com 
Website: www.nta-monitor.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Telephone: +44 (0) 203 095 0500
Email: info@pentestpartners.com
Website: www.pentestpartners.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Penetration Testing is undoubtedly a specialist technical service. Delivering this service requires dedication and commitment by both the people delivering the service and the organisation that supports the people. Perspective Risk is an independent consultancy that specialises in penetration testing, we don.t dilute our offering or focus away from our core service. Together with our independently verified processes (ISO9001, ISO27001, CREST Member) you can be sure you will receive an exceptional service.

Telephone: +44 (0) 1604 521111
Email: info@perspectiverisk.com
Website: www.perspectiverisk.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Portcullis Computer Security is a leading UK specialist in Information Assurance (IA) Services. Formed in 1986 our history and pedigree are unrivalled. Over three decades we have provided Security Assessment and Computer Forensic Services to public and private sector organisations.

Our services form the cornerstone of a client’s Risk Management and Reduction processes, providing unbiased advice, a thorough identification of technical risks and clear structured mitigation strategies.

Portcullis proudly supports the CREST and CHECK schemes.

Telephone: +44 (0) 208 868 0098
Email: enquires@portcullis-security.com 
Website: www.portcullis-security.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

At PricewaterhouseCoopers we ensure that a true, reflective threat scenario is the starting point for any testing. This allows us to tailor the testing performed to maximize value for you. All of our testing is bespoke and in response to the real world threat scenarios experienced by our global client base.

Telephone: +44 (0) 7841 490449
Email: jay.d.abbott@uk.pwc.com
Website: www.pwc.co.uk/informationsecurity

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

ProCheckUp were formed over a decade ago, specializing in web application testing. Today, our services include penetration testing, code reviews, PCI DSS auditing and training. Communication is paramount during all our projects and we strive to maintain a personable approach, offering guidance from the initial scoping phase through to the presentation of our findings and remediation.

Telephone: +44 (0) 207 307 5001
Email: info@procheckup.com
Website: www.procheckup.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

For over fifteen years, QinetiQ's Security Health Check team has assisted government, law enforcement, defence and commercial customers by expertly simulating attacks against their systems and networks. Every engagement performed by the QinetiQ team is tailored to a customer's specific requirements. Engagements can include:

Infrastructure testing
Application testing
Wireless testing
VoIP testing
On-host auditing
Bespoke products assessments
Social engineering
'Red teaming': the ultimate, practical, real-world assessment of an organisation's security posture.

Telephone: +44 (0) 1684 896666
Email: shc@shc.qinetiq-tim.net
Website: www.qinetiq.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? Yes

Sec-1 Ltd is an independent security consultancy based in the UK and founded in 2001.

Our work is backed by extensive research and development to ensure that cutting edge testing techniques are adopted across all of our assessment services.

CREST penetration testing
Application testing by CREST accredited consultants
Wireless (Wi Fi) Security Testing
Vulnerability Assessments
PCI DSS Scanning
Physical security testing and social engineering
Firewall testing

Telephone:  +44 (0) 113 257 8955
Email: info@sec-1.com 
Website: www.sec-1.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No

SECFORCE is a leading independent penetration testing consultancy which
works with key organisations protecting their business infrastructure
from internal / external threats. Our CREST certified team follows and
maintains a strict code of ethics.

We provide a structured approach built on proven methodologies. We
ensure our reports provide complete recommendations of risk-rated issues
for effective creation of an structured risk mitigation plan. We ensure
close communication and provide top quality knowledge transfer to build
long term relationships.

We care.

Telephone: 0845 056 8694
Email: info@secforce.co.uk
Website: www.secforce.co.uk

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

In partnership with Paladion / Plynt, a team of 85+ Security Test Engineers, with delivery centres in UK, Germany, US, Canada, UAE, Malyasia and India, provide the following services:

Web application testing and certification
Security source code review
Penetration testing
Security configuration audit

The test team is ISO27001 certified, a PCI QSA and PCI ASV, and has won several industry awards for Enterprise Security Testing and Web Application Testing and Certification.

Telephone: +44 (0)845 2270 333
Email: crest@securityalliance.co.uk 
Website: www.securityalliance.co.uk/crest-approved

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? No

Telephone:  +44 (0)870 600 1667
Email: crest@7safe.com
Website: www.7safe.com

Certified Application Test Consultants? Yes
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

SpiderLabs® is the advanced security team within Trustwave focused on application security, incident response, pentesting, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and many hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services.

SpiderLabs is both a CREST and CESG CHECK security services provider.

Telephone: 0845 456 9611
Email: jyeo@trustwave.com
Website: www.trustwave.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? No
CRT Qualified Consultants? Yes

Telephone: +44 (0) 207 984 2722
Email: dave.charlton@verizonbusiness.com
Website: www.verizonbusiness.com

Certified Application Test Consultants? No
Certified Infrastructure Test Consultants? Yes
CRT Qualified Consultants? No