An accreditation process and industry association for penetration testers has been launched.

Dubbed CREST (Council of Registered Ethical Security Testers), the association offers exams in two certification areas, infrastructure testing and web application testing. The Certification Examination is administered by CREST, and comprises two components: a written component and a practical component.

"Despite the widespread use of penetration testing, there has historically been a definite lack of agreed standards and practices. CREST was created in response to the need for regulated and professional security testers", said the council in a statement.

Companies have to pay a membership fee of £7,000, and the exams alone - for individual testers - cost £1,600. Successful candidates certification is valid for three years.

Although there are currently only 15 members, many more are pending, according to the council.