For the best user experience please upgrade your browser

CREST OWASP Verification Standard (OVS) Program

CREST has worked with OWASP to create a quality assurance standard for web security. The CREST OWASP Verification Standard (OVS) Program is aligned with OWASP’s application security standard.

It is based on OWASP’s two application security standards:

  • Application Security Verification Standard (ASVS)
  • Mobile Application Security Verification Standard (MASVS)

The aim of CREST OVS is to set the standard for application security and provide increased levels of assurance for application security assessments.

How does CREST OVS benefit buyers?

The main benefit to the app development buying community is that it signposts and gives them access to quality-assured app security testing services for their businesses and products.

Specific benefits include:

Standardised, clear and concise web security reports

Enhanced market profile by using respected internationally-recognised web security assurance standard

Increased consumer confidence

Facilitates engagement with app store providers and other industry consumers

Improved opportunities to sell apps to other organisations in industries such as technology and financial services

  – CREST 2022

The benefits for a variety of people and cases are outlined here.

Why choose PTP?

We have a mass of knowledge and experience in mobile and web app and API testing with a huge variety of clients, from IoT device manufacturers to Industrial Control Systems, retail, and banking.

Our research is also testament to our ability, and our understanding of mobile and web app and API security issues. One example is our detailed understanding of API specific issues such as Insecure Direct Object References (IDOR) vulnerabilities.

We have discovered IDORs in home gym equipment, Cloud firewall management APIs, and smart locks amongst many things.

We also have a track record of responsible disclosure, to vendors whose products we found vulnerable to attacks due to weak / non-existent web app and API security. These include car alarm manufacturers, kids tracker watches, and car clamps.

Check our OVS accreditations here.

We operate in the US, UK, and Europe.