We've been preferring structured (M)ASVS assessments over exploratory pentests for years and now CREST is getting onboard with OWASP to bring more value to pentesting.

CREST, an international not-for-profit, membership body representing the global cyber security industry, has just announced their OWASP Verification Standard (OVS) programme, heralding a new quality assurance benchmark for the global application security industry.

Developed in consultation with the OWASP (Open Web Application Security Project) Foundation, the programme “provides mobile and web app developers with greater security assurance and accredited organisations with enhanced access to the growing app development industry.”

Underpinned by OWASP’s Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) the OVS programme furthers their mission of building trust in the digital world by raising professional standards and delivering measurable quality assurance for the global cyber security industry.

Secure Delivery has long advocated the value of ASVS and MASVS over traditional penetration testing and, with strong links to the OWASP Foundation, will be pleased to add its name to CREST’s register of trusted providers.

Grant Ongers, CTO and founder of Secure Delivery, and OWASP vice-chair said: “As one of the co-leaders of the OWASP Application Security Curriculum project (building materials off the ASVS) and as a staunch advocate for the adoption of the (M)ASVS instead of traditional penetration testing methods I applaud this news. CREST will hopefully help bring OWASP actual best practice standards for what it takes to build a secure system into how those systems are tested.

Who would have thought that back in 2017 when we performed our first ASVS review with a client in place of a traditional penetration test that one day the rest of the world would see the huge advantages in doing it this way!”


If you also struggle to see the value in traditional pentesting and are interested in a structured, repeatable approach that brings real value and actionable, understandable output for your product development teams then get in touch with us using our contact form below. We’d love to help you implement a modern, scalable way of securing digital development at your organisation.


Share this Post: