New industry body is formed for security testers
Most of the major players in the UK security testing market have recently formed a new industry body called CREST, which stands for the Council of Registered Ethical Security Testers.
The concept of CREST came out of discussions that started in early 2006 following CESG's decision to suspend the CHECK scheme. Up until then, CHECK had been very successful, but it had become a victim of its own success. Many companies looking for security testers, especially government bodies, regard CHECK accreditation as an important aspect, particularly as all members of a CHECK team must have Security Check (SC) clearance.
CESG couldn't cope with the demand from new companies wishing to join and from penetration testers wishing to become certified as CHECK team leaders. The other issue with CHECK was that it was, strictly speaking, only applicable to government organisations and organisations that were part of the critical national infrastructure (CNI). This meant that it was not applicable to most commercial organisations, even though many such organisations still used CHECK membership to find security testing providers. Although the CHECK scheme has since been restarted, it was felt that there was still a need for an industry body that was applicable to all organisations.
The aim of CREST is to become the gold standard for penetration testing companies and individuals. It is expected that it will run alongside CHECK, which will continue to be used by government organisations and the CNI.
Currently there are about twenty founder members and it is expected that CREST will be fully up and running by the end of this autumn.
CREST's mission is to:
- Provide current and relevant information regarding new technologies and methods for those utilising IT security testing in their technology risk programs
- Establish and maintain a standard of capability by which individuals and organisations performing IT security testing may be validated
- Maintain and publish a register of those accredited organisations and individuals who have met the CREST standard