International Cyber Expo International Cyber Expo
  • About Us
Saturday, 11 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

CREST membership body announces OWASP Verification Standard programme

CREST OSV will provide mobile and web app developers with greater security assurance

by Guru Writer
August 4, 2022
in Editor's News, Featured
Share on FacebookShare on Twitter

CREST, the international not-for-profit, membership body representing the global cyber security industry, in consultation with the Open Web Application Security Project (OWASP), has launched the OWASP Verification Standard (OVS), a new quality assurance standard for the global application security industry. CREST OVS provides mobile and web app developers with greater security assurance and accredited organisations with enhanced access to the growing app development industry.

CREST OVS measures an organisation’s ability to execute and deliver assessments related to Level 1 and Level 2 of the OWASP Application Security Verification Standard (ASVS) and OWASP Mobile Application Security Verification Standard (MASVS). The ASVS and MASVS are OWASP projects which have been developed by the technical AppSec community to establish an open-source framework of security requirements needed to design, develop and test secure mobile and web applications.

“CREST OVS sets new standards in web and mobile application security to provide the buyers of application security assessment services with the highest level of assurance,” said Rowland Johnson, president of CREST. “The programme has a series of explicit requirements that are designed to assess and harness the capabilities of an organisation, along with the skills and competencies of its individual security testers.”

CREST says it has been working closely with governments, regulators and multinational organisations focused on improving application security and it is expected that there will be high demand for both CREST OVS Mobile and CREST OVS Apps accredited services.

By leveraging ASVS and MASVS, it means CREST is now formally supporting the open-source community to build and maintain global standards.  “Both CREST and OWASP are non-profit organisations and we share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards,” added, Johnson.

Andrew van der Stock, Executive Director of the OWASP Foundation said: “This is a positive move for worldwide corporate and government adoption of the ASVS and MASVS projects. While the OWASP Top 10 risks project has built vital awareness of the importance of Application Security, I am excited to see the move towards using standards such as ASVS and MASVS to help organisations improve their application security in a structured and comprehensive way.”

To apply for the OVS programme, companies need to be accredited to the CREST Penetration Testing discipline. Organisations must also demonstrate at corporate level that they can meet the program requirements to execute and deliver Level 1 and Level 2 ASVS and MASVS services.

In addition, all organisations will need to ensure that their teams have completed CREST’s Skilled Person Register and have each signed the CREST Code of Conduct. For more information on eligibility and how to become CREST OVS accredited, have a look at the OVS pages on the CREST website.

ShareTweet
Previous Post

T-Mobile Retailer Found Guilty of $25m Fraud Scheme

Next Post

Ukrainian Law Enforcement Shut Down Large Russian Bot Farm

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol