In urgent need of assistance from our Incident Response team? Click below to email directly and get support.
Get Support
Set up regular vulnerability scans for Web Apps & Infrastructure with our innovative SecurePortal
Learn More
PTaaS Packages For All Businesses
Distribute, manage and monitor remediation tasks effortlessly with PTaaS, powered by SecurePortal
View PTaaS Options
Need Our Assistance?
We now offer Incident Response Retainers helping you reduce damage from a cyber attack
Read
.webp)
What is a CREST OVS Web Application Assessment?
CREST OVS (OWASP verification standard) is a new standard that has been created by CREST that utilises the OWASP ASVS (Application security verification standard) methodology. This methodology is an in-depth approach to assessing the overall security of an application, its underlying server, and its operating system. This standard should be utilised by security mature companies that have performed standard penetration tests against their applications and are looking to understand the overall security of their applications, as opposed to their remote threat landscape.
Discover Vulnerabilities
Discover vulnerabilities that exist within your Web Applications before they're exploited.
More Detailed Approach
CREST OVS Web App Test looks at your process and source code for security risks
Show You're a Security Mature Organisation
Take security seriously and show your clients your web apps aren't vulnerable
Get a Quote
Answer a Few Questions & Get a Quote Straight to Your Email
There Are Two Levels to The CREST OVS Assessment
CREST OVS Web App Assessment has 2 levels of Testing
.webp)
CREST OVS Level 1
CREST OVS level one utilises the ASVS tier one methodology which takes an in-depth approach to assess the overall security of an application.
At this level, no access to source code is needed but significant client interaction and time with developers/system administrators is required.
CREST OVS Level 2
CREST OVS level two utilises the ASVS level two methodology which takes an even more in-depth approach to application security.
It likely requires access to source code, detailed documentation, and requires a lot of client interaction.
CREST OVS Level 1
CREST OVS level one utilises the ASVS tier one methodology which takes an in-depth approach to assess the overall security of an application.
At this level, no access to source code is needed but significant client interaction and time with developers/system administrators is required.
CREST OVS Level 2
CREST OVS level two utilises the ASVS level two methodology which takes an even more in-depth approach to application security.
It likely requires access to source code, detailed documentation, and requires a lot of client interaction.
What is the difference between a Penetration Test and a CREST OVS Web App Assessment?
A typical application penetration test is designed to assess the security of an application from a remote threat actor’s point of view, looking for any vulnerabilities that can be exploited without having access to the source code, underlying operating system, or detailed documentation.
A CREST OVS web application assessment covers the remote security of an application but it also focuses on the underlying operating system, and user accounts and examines technical documentation and internal processes to ensure these are up to a high standard.
For example, the consultant may require source code and detailed documentation describing each major data flow within the application. Due to a large portion of the methodology being points that cannot be determined remotely, this type of assessment requires significantly more client interaction than a typical Penetration Test.
.svg)
Find Critical Weaknesses
Assess Your Source Code
Review Application Processes
In-Depth Web App Test
Scoping & Intelligence Gathering
Our experts will listen to you and your needs to develop a tailored testing strategy. From here our consultants will use a wide variety of penetration testing tools and resources to gather information on your organisation.
Reporting & Remediation
Now the test is complete our consultants will fill out a detailed report of their findings, broken down by category and type, adding any remediation advice to the exploits and vulnerabilities they discovered. This data will be accessible via SecurePortal and follow up calls will be made to walkthrough the test and the steps required to remove the risks found.
Make Your Testing Experience Easier with SecurePortal
SecurePortal provides clients with a new way to monitor and analyse the data you receive in your penetration tests. Rather than a lengthy physical report you gain a range of simple features that highlight your test findings and vulnerabilities.
Easily access remediation advice from our team of consultants on discovered vulnerabilities and assign them to your team for fast and efficient resolution. Receive overview and trend data of all of the current security issues you face in your organisatio and so much more./
Key Benefits of the CREST OVS Web App Assessment
The CREST OVS Assessment for Web Applications is a thorough test that assesses not just the build of your web applications but also the processes and policies used in the build.
Improving customer confidence: Customers are becoming increasingly aware of the risks associated with data breaches and may avoid businesses that have a poor security record. By conducting the CREST OVS Web App Assessment and addressing any vulnerabilities, a business can show customers that it takes security seriously, which can lead to improved customer confidence and loyalty
Ensuring compliance with regulations: Many industries have regulations that businesses must comply with, and the CREST OVS Web App Assessment can help a business ensure that it is meeting those requirements. This can help the business avoid costly fines
Identifying vulnerabilities before attackers do: One of the main benefits of the CREST OVS Web App Assessment is that it can identify vulnerabilities in the business's web applications before attackers have a chance to exploit them. By detecting and fixing these vulnerabilities, the business can reduce the risk of a security breach and protect sensitive data
Why Does Your Business Require a CREST OVS Web App Assessment?
Businesses should aim to achieve the CREST OVS standard once they believe that they are a security mature organisation, that has already performed penetration tests against their application(s) and want a more in depth assessment.
.webp)
How Does the CREST OVS Web Application Assessment Work?
The service works in a similar manner to a standard penetration test, however, on top of providing us with a URL and credentials, we will need detailed technical documentation of each major logic flow throughout the application and also some time booked with developers and system administrators to ask questions about the underlying server’s operating system and it’s user accounts.
Pentest People are accredited to CREST and UK NCSC CHECK standards and can provide infrastructure penetration testing against all types of IT infrastructure used within your organisation
Experienced Consultant Team
Our Testing Team are CREST Accredited & Includes CHECK Team Leaders
Experienced & Accredited Testing Team For All Our Services
Penetration testing is a key component of any effective cybersecurity strategy, and it requires well-trained professionals to execute. Our consultant team needs are highly trained in order to test your business for vulnerabilities and identify potential threats before they cause harm. Our team have a deep understanding of the systems and protocols involved in protecting against hackers, malware, and data breaches.
- CHECK Team Leaders
- CREST Accredited consultant teams
- Experts in all areas of cybersecurity
See What Our Clients Have to Say About our Professional Services
“Pentest People stand out in the field of penetration testing due to the skillset of people they have working there. We undertook a complex bespoke pentest with them which required a lot of pre-work in order to make sure it was scoped correctly and they took the time to come onsite to make sure all was correct prior to commencing. From my experience with them, they are very intelligent people with a deep understanding of the security landscape and we will continue to use them for future testing requirements”.
"Pentest People has been a trusted partner in our Information Security audits, helping us achieve ISO27001:2013 and Cyber Essentials certifications. Their expertise, professionalism, and
customer-focused solutions have greatly improved our ICT infrastructure.
I highly recommend Pentest People to any potential client."
“Pentest People were efficient, knowledgeable and very supportive of our organisation making the jump from Cyber Essentials to accreditation to the ‘Plus’ upgrade. They were great to communicate with, delivered as promised and we will certainly use again when re-certification comes round."
“The SecureGateway allowed Pentest People to perform a quality penetration test while the tester worked remotely. The results and data collected by the consultant were at the level we would expect from a standard test, showing no real difference other than allowing us to proceed as normal”
“Pentest People have provided us with a very streamlined testing service, that can be easily reviewed using their SecurePortal. I’m pleased with the quality of the testing report and it has enabled us to feel more confident in our network security”.
“We used Pentest People to assist us with our security testing. They truly understand this area extremely well and gave us great reassurance on areas that we needed to improve.
Pentest People are truly experts in the security field and we would highly recommend them. They have great depth of knowledge and breadth of experience”
"Pentest People perform Web Application and Infrastructure Penetration Testing for Pharmacy2U. They are always professional to engage with, provide an excellent level of service and the addition of the SecurePortal makes receiving and interrogating the results of the service very easy indeed.We look forward to working with them in the future and trust the work they deliver."
Need More Info on Our Infrastructure Testing?
Frequently Asked Questions
What is the deliverable of the CREST OVS Web App Test?
The results of the assessment are uploaded to your SecurePortal account, with individual issues ranked in order of severity. The results will also contain a management summary with totals, key points, and detailed consultants comments, ensuring that vulnerabilities are presented realistically and in the context of your environment.
Learn Something New
Have a read of our blogs written by industry experts, covering topics from all areas in cyber.
Meeting Compliance With Threat Intelligence
This blog covers the basics of Threat Intelligence and how you can meet compliance by adding a Threat Intelligence solution into your defences. SecurePortal 2.10 now helps customers comply with ISO27001, DORA & PCI DSS with Real-Time Threat Intelligence and its free! Read our blog for more information.
SecurePortal 2.10 - Introducing Threat Intelligence
Stay ahead of global cyber threats with our powerful new Dashboard. Access over 30 live feeds for real-time, industry-specific insights. Customise your view to focus on what matters most, and empower your team with actionable intelligence. Enhance your situational awareness, streamline reporting, and meet compliance requirements—all through our user-friendly interface. Equip your organisation to proactively address risks and strengthen your security posture.
Cyber Security Trends to Look Out For in 2025
Dive into the future of cyber security as we gear up for 2025. We'll explore how AI is set to redefine threat detection, making it smarter and faster. As we become more connected, securing supply chains against vulnerabilities is more important than ever. Plus, with the rise of hybrid work environments, zero trust architecture is becoming a must-have to keep everything locked down and secure. It's all about staying one step ahead of the curve, so let's unpack what your organisation can do to tackle these challenges head-on and keep your digital world safe.
.webp)
