CREST OVS provides increased levels of assurance for application security assessments.
The program has been built in consultation with OWASP, and it measures an organisation’s ability to execute and deliver assessments related to OWASP’s Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) at Level 1 and Level 2 in both.
By leveraging the ASVS and MASVS, CREST is formally supporting the Open Source community to build and maintain global standards.
Organisations are required to apply to CREST OVS and demonstrate at the corporate level that they can deliver the program requirements.
In addition to this, to become accredited to OVS organisations need to ensure that their teams have all completed the Skilled Persons Register, and individually signed the CREST Code of Conduct.
CREST OVS has a series of explicit requirements designed to harness the capabilities of the organisation and the skills and competencies of its security testers. It will provide the highest levels of assurance to buyers of application security assessments.
This program will be able to offer higher levels of assurance to buyers of application security assessments services than any program that has been launched previously.
Based on OWASP’s ASVS and MASVS frameworks, the CREST OVS provides the industry with a comprehensive accreditation service that is founded on global open source standards.
Members can be assessed against the frameworks at both levels 1 & 2.
This ensures a rigorous process that delivers a world-class accreditation to successful applicants.
There is flexibility in the ASVS and MASVS to deliver a standards-based program for different industries.
The expectation is that CREST OVS Accredited Providers will signpost the right program for industry.
As part of the sign-off process, service providers will formally attest that they believe the ASVS/MASVS level chosen was correct.