The CREST Penetration Testing Guide provides practical advice on the establishment and management of a penetration testing programme, helping organisations to conduct effective, value-for-money penetration testing as part of a technical security assurance framework. It is designed to enable organisations to prepare for penetration tests, conduct actual tests in a consistent, competent manner and follow up tests effectively.
The Guide presents a useful overview of the key concepts that need to be understood to conduct well-managed penetration tests, explaining what a penetration test is and is not, outlining its’ strengths and limitations, and describing why an organisation would typically choose to employ an external provider of penetration testing services to help plan for and undertake tests effectively, ensuing that vulnerabilities are identified and remediated.
The Guide presents a useful three stage approach and provides advice and guidance on how to take the required actions to:
Download the CREST Penetration Testing Guide here (PDF)