Request a Demo Contact Us

CREST Certification


CREST certification is an accreditation that establishes professional standards for penetration testing. CREST (i.e., Council of Registered Security Testers) is a UK-based, nonprofit organization created in response to unregulated penetration vulnerability testing. The absence of penetration testing standards led to inconsistent methodologies and varying outcomes for testing subjects. CREST certification is available for organizations and professional-level certifications for individuals on several fronts, including penetration testing, cyber incident response, threat intelligence, and security operations center services.

Security researchers take CREST’s penetration testing qualification referred to as the CRT (or “CREST Registered Tester”) to earn CREST certification.

There are three levels of CREST certification, all requiring different levels of experience and expertise.

  1. CREST practitioner professional : Security researchers must take an entry-level exam and have one year of experience. At the Practitioner level, pen testers should be able to conduct routine assignments under general supervision.
  2. CREST registered professional : Security researchers must take more comprehensive exams than above and have more than three years of relevant and frequent experience. In addition, testers at this level should be able to undergo testing projects by themselves.
  3. CREST certified professional : Security researchers at this level must have at least five years of hands-on experience. Testers at this level are typically responsible for running complete testing projects independently and directing and managing pen-testing teams.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.