In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider?
The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a reasonable price is not easy. How do you know if they’re any good? What level of security expertise was included in the report? Is your application secure, or did the supplier simply not find the weaknesses?
There are no easy answers, but you can make it easier by asking the right questions up front. The most important considerations fall into three categories: certifications, experience, and price.
Certifications are the best place to start, as they provide a quick shortcut for building trust. There’s no shortage of professional certifications available, but one of the most widely recognised is CREST (Council of Registered Ethical Security Testers).
CREST was set up by the UK’s leading pen testing consultancies precisely to solve this problem, and it is now an internationally recognised hallmark of quality for a variety of cyber security disciplines.