Login to profile

What is CREST OVS?

A new era in accreditation

Developed in consultation with OWASP (the Open Worldwide Application Security Project), CREST OVS is a new quality assurance standard for the web security industry.

Organisations accredited under this program will get the opportunity to access a growing app development industry worth an estimated $200 billion globally. CREST OVS is aligned to OWASP’s Application Verification Security Standard (ASVS) and Mobile Application Security Verification Standard (MASVS).

ASVS and MASVS are frameworks developed by the technical app security community to establish a framework of security requirements needed to design, develop and test secure mobile and cloud apps.

The standards can be used by mobile and web software architects and developers seeking to develop secure mobile and web applications, as well as security testers to ensure completeness and consistency of test results.

CREST and OWASP are not-for-profit organisations and CREST OVS is part of their shared vision of increasing collaboration to build on and improve global cyber security.



Process overview


There are three steps to becoming CREST OVS accredited:

  1.   An accreditation process to ensure the organisation applying meets the program requirements
  2.   Registration of individuals with demonstrable skills and competencies in app security testing in the CREST Skilled Persons Register.
  3.   Attestation to a series of rules and principles defined within the CREST commercially Defensible Penetration Test.




The process in detail

Application and cost

The application process for CREST OVS is straightforward.

The annual fee is £2,000 ($2,500) in addition to the organisation’s normal membership fees. The fees go toward running and maintaining the program. A portion of the payment will also be shared with OWASP who maintain the ASVS and MASVS components. Click the button below for more information on cost.


Eligibility, applying & cost