Topic: CREST Information
don
« on: September 01, 2010, 08:55:09 AM »

As many of you may know, CREST is a UK non-profit offering credentials in ethical security testing. They are making attempts to move out of just providing credentials in the UK and are moving into the US market and eventually going global.

I'd like to talk to any EH-Net reader about their thoughts and experiences with CREST. Please PM me with your thoughts on the org and their offerings.

For those who don't know, here is the about section:

Quote

CREST is a not for profit organisation and is governed by a formal Memorandum of Association (MOA) as a company limited by guarantee. Under this MOA, companies are invited to join a trade association as members, subject to certifying that they meet the minimum standards of ethics, methodologies, and technical capability.

In contracting a CREST member organisation to perform a security test, a client can feel secure in the knowledge that the work will be carried out to rigorous standards by qualified, knowledgeable individuals.

Penetration testing is a widely accepted method of assuring information security and has become an integral part of many organisations' operational and technology risk management programs. Yet despite the widespread use of penetration testing, there has historically been a definite lack of agreed standards and practices.

CREST (Council of Registered Ethical Security Testers) was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST's main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies.

CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.


For more info:
http://www.crest-approved.org/

Don

CISSP, MCSE, CSTA, Security+ SME
charliemong
« Reply #1 on: September 02, 2010, 09:00:35 AM »

Hi Don,

I would be interested in what you find about these guys as a company. The seven safe guys have mentioned that they do 2 courses that get you CREST qualified. Would just be out of interest now though.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
T_Bone
« Reply #2 on: September 04, 2010, 01:47:20 PM »

Yes, I have also heard the same thing from Ian Glover at a conference here in the UK recently. I am hoping we get some answers to this one as CREST CCT Infrastructure exam also gives you CHECK Team Leader status which is pretty much the certification Pen Testers in the UK want to have. They have also released an intermediate level CRT which is next on my list!
tturner
« Reply #3 on: September 16, 2010, 04:06:32 PM »

NBISE is now accepting registration for beta CREST exams

http://nbise.org/certifications.php

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP, MCP, ITIL-F
impelse
« Reply #4 on: September 16, 2010, 08:36:13 PM »

I always see that certification. It looks interesting and pricy too.

CCNA, Security+, 70-290, 70-291
CCNA Security, Working Windows 7 70-680
JrGong
« Reply #5 on: September 22, 2010, 09:28:30 PM »

I am scheduled for Oct. 18th to take the CRT in Orlando. I currently hold a CCNA, CWNA, OSCP, Security+. I have been looking around for study material for the CREST exams and it seems to be non-existent. If anyone else is taking it and is interested in studying please feel free to drop me a pm.

Also for a little background, to be able to touch .gov systems in the UK you have to be CHECK certified by CESG (guessing it's similar to NSA here). CREST certs are a requirement to become CHECK certified, so from what I understand CESG helped define the objectives, etc.

http://www.gchq.gov.uk/about_us/cesg.html  <-- Info about CESG
http://www.cesg.gov.uk/products_services/iacs/check/index.shtml  <-- Info about CHECK

*Disclaimer* This is just from what I have read and gathered from talking to people in the UK
« Last Edit: September 22, 2010, 09:56:52 PM by JrGong »
tturner
« Reply #6 on: September 24, 2010, 12:31:29 PM »

I'm also scheduled for the CRT in Orlando. I'm still debating this week whether I'm actually willing to pony up 600.00 for an exam I don't know much about or if I'd be better off paying for that GCIH challenge I keep meaning to take (Am a class alumni but never took exam and will need for GSE). If anyone has more info I'd appreciate it. The following link may help in preparation.

http://www.crest-approved.org/crest-notes-for-candidates-CRT-v1.1.pdf

Feel free to hit me up if you want to coordinate study. For pentesting certs I have GPEN and GAWN only (in addition to CISSP, CISA and some other GIAC and other industry certs)

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP, MCP, ITIL-F
JrGong
« Reply #7 on: September 24, 2010, 01:21:53 PM »

Thought I would just also add that the pilot exam is the EXACT same exam as the one in the UK.  So if you take it you will be 'officially' CREST certified, regardless of what becomes of NBISE.
T_Bone
« Reply #8 on: September 25, 2010, 07:26:40 AM »

@ JrGong - There is indeed no "official" reading or training for the CREST certification. I know a few people who have performed the CCT level certifications and they have confirmed that as long as you know the information on the syllabus and have a few years experience pen testing you should be ok. It certainly IS NOT an easy certification and is very far from CEH level. I am intending to do the CRT (intermediate level) here in the UK at the end of the year :)

http://www.crest-approved.org/crest-technical-syllabus-v1.3.pdf
JrGong
« Reply #9 on: September 25, 2010, 05:28:11 PM »

Thanks for the info T_Bone. I think I have most of the knowledge that is on the syllabus but I do not have any experience doing pentesting so I'm brushing up on methodologies etc.
trighger
« Reply #10 on: October 30, 2010, 09:37:22 AM »

Having researched a lot of options I decided to take the CAST course because I wanted to prep for the CREST application tester exam and it is a hands on course aligned with CREST.

Having gained the CSTA and CSTP certs with 7Safe previously (I am in the UK), I found the CAST exam to be a major step up in terms of the learning level.  It is designed to make you think, and our instructor was an experienced pen tester. The exam was a series of challenges - and in the end about 30% of us managed a pass.

I understand this is being offered in the US as well, what with CREST becoming an international standard. 

http://www.7safe.com/application_security_training_course.htm

T_Bone
« Reply #11 on: November 15, 2010, 04:44:27 PM »

@ trighger

Wow that course does sound pretty difficult if only 30% passed. Sounds like it would be good prep for the CREST CCT level if this is the case :)