Get more info about setting up a new chapter in your area.
The format is the same for both the Infrastructure and Application Certified Tester exams. The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner. The examination consists of three tasks:
To pass the exam, the candidate must pass all sections. The written element of the examination is delivered at Pearson Vue test centres; the practical element of the examination is delivered at a CREST examination centre. Candidates must hold a valid pass in the written element of this examination in order to book to sit the practical element.
You can download the following documents from the links below:
In-depth exam insights from a CREST Assessor.
Syllabus for the Certified Web Application tester examination
Notes for Candidates to aid examination preparation
Sample CCT Application Practical Paper
Sample CCT Application Scenario Paper
For costs and availability please refer to individual country booking.
Individuals undertaking this examination can request that their information be provided to the NCSC to be considered for CHECK Team Leader (Web Applications) Status.
Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.
CREST recommends that candidates familiarise themselves with the content in our FAQS which have been created specifically for those attempting a practical examination.
The following material and media have been cited as helpful preparation for this examination by previous candidates:
Web Application Hacker’s Handbook (1st & 2nd Editions)
The Browser Hacker’s Handbook
Hacking Exposed 7: Network Security Secrets and Solutions (by Stuart McClure/Joel Scambray/George Kurtz)
The Oracle Hacker’s Handbook: Hacking and Defending Oracle (by David Litchfield)
SQL Injection: Attacks and Defence (by Justin Clarke)
Network Warrior (by Gary A Donahue)
http://vulnhub.com/ – Practical testing at speed, for example against vulnerable vmware images
How to Book – Practical Element
The practical element of this exam is only available at a CREST Exam Centre. Please complete the booking form for your region and email it to [email protected].
Australasia Examinations Booking Form
Singapore Examinations Booking Form
UK Examinations Booking Form
Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue.
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)