CREST OVS is a new accreditation that will have a series of new assessment criteria.
OVS stands for the OWASP Verification Standard.
The aim of CREST OVS is to set the standard for application security and provide increased levels of assurance for application security assessments.
The program requirements are aligned to the OWASP Application Security Verification Standard (ASVS) and the Mobile Application Security Verification Standard (MASVS).
CREST member companies are audited against the program requirements. Members must be accredited to the CREST Penetration Testing Discipline. Members must also register employees suitably skilled in app security with us and these individuals must sign our Code of Conduct.
The main benefit for CREST OVS Accredited Providers is that they gain enhanced business opportunities in an app development market worth an estimated $200 billion annually, and growing.
Specific benefits include:
The main benefit to the app development buying community is that it signposts and gives them access to quality-assured app security testing services for their businesses and products.
Specific benefits include:
Both the web development community and their clients benefit from the enhanced level of assurance provided by the CREST OVS Program.
Web development companies can market their services and products as tested by CREST OVS Accredited Providers, helping them stand out in the marketplace.
Clients buying web development services can be assured that their apps are created by developers who have employed CREST OVS Accredited Providers to test the security of their applications.
For both web developers and their clients, there may be insurance benefits from aligning themselves with an internationally recognised verification standard.
To apply for CREST OVS, organisations must:
Having submitted an application via the CREST Member Portal, eligible members will receive immediate confirmation of receipt of the submission.
We aim to provide our first response to a new submission as soon as possible, but please be aware this could take 4 to 6 weeks.
Final approval of CREST OVS Accreditation is dependent on the feedback provided to members in our initial and subsequent responses to the submission, and on the member’s actions in response to feedback.
The CREST OVS Program is a new accreditation that will have a series of new assessment criteria.
The program will be charged at £2,000 ($2,500) per annum in addition to an organisation’s normal accreditation fees. The fees will go toward running and maintaining the program and a portion of the payment will be shared with OWASP who maintain the ASVS and MASVS components.
OWASP (Open Worldwide Application Security Project) is a not-for-profit foundation that works to improve the security of software.
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All OWASP projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
CREST and OWASP have a shared vision of improving global app security standards.
OWASP maintains the Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) to which the CREST OVS Program is aligned.
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalise the range in the coverage and level of rigor available in the market when it comes to performing web application security verification using a commercially-workable open standard.
This standard can be used to establish a level of confidence in the security of web applications.
The OWASP MASVS is a standard for mobile app security.
It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as by security testers to ensure completeness and consistency of test results.