Vulnerability Management Solutions

RandomStorm Gains CREST Certified Application Tester Status

13.12.2011

Back to index

Security management and compliance specialist, RandomStorm, has announced that its senior security engineer, Robin Wood, has gained the Certified Application Tester qualification from the Council of Registered Ethical Security Testers (CREST). The CREST examination is a senior level qualification that measures candidates’ practical ability to discover vulnerabilities in Web applications. It is recognised as being the “gold standard” of security testing.

Following this latest accreditation, RandomStorm is now a CHECK Green Light company for both Web Testing and Infrastructure and has CHECK Team Leaders certified with both the CREST and TIGER schemes.

CREST works with organisations to understand current security testing requirements and translate these into course components. This standards-based approach has introduced proven expertise and professionalism to application security testing. The rigour of the qualifi-cations ensures that organisations that hire CREST companies will be working with profes-sionals with up-to-date knowledge of Web application vulnerabilities. This enables testers to advise companies on ways to improve their defences against the latest techniques used by hackers and cybercriminals.

Robin Wood (@digininja) stated, “I am delighted to have passed the CREST Certified Application Tester exam. Application vulnerabilities were at the root of the majority of the major security breaches this year and will continue to pose a threat as new applications are introduced. It’s important that we can help our customers to improve their security posture by identifying both common and less obvious vulnerabilities in their applications.”

Commenting on the latest accreditation, Andrew Mason (@masontech), Technical Director and co-founder of RandomStorm said, “CREST qualifications are the gold standard in web application testing and can only be achieved by security professionals at the top of their game. We congratulate Robin on successfully achieving this senior level and winning CHECK Team Leader status for web application testing for the RandomStorm team.”

RandomStorm provides vulnerability scanning and intrusion detection services to help companies in the public sector, retail, hospitality, financial and utility industries to improve their security posture. The company is a CESG CHECK security consultancy and certified as a Qualified Security Assessor and Approved Scanning Vendor by the Payment Card Industry Security Standards Council.

References:

Council of Registered Ethical Security Testers (CREST) website: http://www.crest-approved.org/certified_web_apps.html

CREST examinations overview - http://www.crest-approved.org/images/ist_table.jpg

Tiger Scheme qualifications http://www.tigerscheme.org/qualifications.php?ID=2

Veracode blog, Chris Wysopal, 5th December 2011, “Which of the 10 big breaches in 2011 were application security related?” http://www.veracode.com/blog/2011/12/which-of-the-10-big-breaches-in-2011-were-application-security-related/

For more information contact Robin Hill on 0845 643 0995 or robin.hill@randomstorm.com

About RandomStorm

www.randomstorm.com

RandomStorm is a UK-based network security company, focused on providing enterprise-level, proactive security management tools and services. The company's core products include: xStorm, an online perimeter vulnerability scanning service; iStorm a network security appliance that provides in-depth scanning of the entire corporate network topology; StormProbe an intrusion detection solution (IDS) with intelligent event correlation that alerts companies when critical assets are at risk and AirStorm, a cloud, or appliance-based IDS, to protect corporate wireless infrastructure.

These core products are supported by a range of complementary monitoring, alerting and remediation services developed under the RandomStorm Open Source Initiative. RandomStorm is a CESG CHECK security consultancy and a Qualified Security Assessor for the Payment Card Industry Data Security Standard (PCI DSS).