Australia’s trusted cyber security partner
CREST Penetration Testing
Secure your organisation with Penetration Testing from Australia’s largest and most experienced team of certified testing experts.
- CREST certified Penetration Testing, tailored to your specific requirements
- Our team of experts are independantly assessed and certified by CREST
- CREST-led testing ensures detailed reporting and actionable recommendations
- Align with a globally recognised testing standard

CyberCX holds CREST membership as part of its assurance offering, which requires independent validation of its technical capability, governance, and staff competence. CREST assesses both the organisation and its practitioners against defined criteria covering penetration testing, threat intelligence, and incident response services. Maintaining that status involves periodic review rather than a one-off certification, so there is ongoing scrutiny of how work is planned, delivered, and quality‑checked. For clients, this gives a clear line of sight into the baseline CyberCX is held to when delivering security testing and advisory services.
In practice, working in line with CREST requirements means CyberCX applies consistent testing methodologies, keeps detailed engagement records, and handles sensitive client data under controlled processes. Reporting is expected to be evidence‑based and structured in a way that supports remediation, without overstating risk or impact. Staff performing this work are individually certified where required, which ties delivery quality to proven skill rather than internal claims alone. This approach helps ensure engagements are repeatable, findings can be relied on, and outcomes stand up to external scrutiny if needed.
Trusted cyber security partner to leading Australian organisations.
Ready to get started?
Secure your organisation with Penetration Testing from Australia’s largest and most experienced team of certified testing experts.
CREST Penetration Testing Services
Penetration Testing against your applications, networks and physical environment.
Web Application Penetration Testing
Web Services Penetration Testing
External Network Penetration Testing
Internal Network Penetration Testing
Mobile Application Penetration Testing
Wireless Penetration Testing
Operational Technology (OT) Penetration Testing
Social Engineering Assessment
Physical Penetration Testing
Thick Client Penetration Testing
Open Source Intelligence (OSINT) Assessment
Hardware, Embedded Systems, & IoT Penetration Testing Services
Artificial Intelligence (AI) Penetration Testing
Security Testing as a Service
Continuous Monitoring and Assurance
Endpoint Resilience Assessment
Objective Based Penetration Testing
PCI DSS Penetration Testing
Restricted Environment Breakout Testing
SAP Penetration Testing
Why partner with CyberCX for CREST Penetration Testing?
CyberCX are a CREST approved organisation with unmatched Penetration Testing capabilities and a strong local presence in Australia to deliver outstanding results.
We understand every organisation faces unique challenges. That’s why we tailor our Penetration Testing services to meet your specific requirements and help you achieve your desired outcomes.
Protect your digital assets and ensure operational resilience with comprehensive testing from Australia’s largest and most experienced team of certified testing experts.

Ready to get started?
Secure your organisation with Penetration Testing from Australia’s largest and most experienced team of certified testing experts.
Our Penetration Testing methodology
Our Penetration Testing methodology is a multi-layered approach based on world’s best practice.
Reconnaissance
Detailed information is gathered about systems, business processes, information flows and the technology that supports business operations.
Prioritisation & planning
Armed with essential information about the existing systems, our Penetration Testing team will prioritise the most likely threats your organisation faces.
Exploitation
CyberCX combines the use of advanced automated technologies, together with specialist manual techniques that have been honed over years of experience.
Reporting & remediation
Findings are prioritised according to risk level, providing for a clear, actionable list of remediation recommendations to harden your security posture.
Customer success story
“CyberCX appealed to us because it offered an end-to-end service from scoping, review and assessment, through to reporting and any required follow up. As a very busy internal technology team, we need partners who can listen to our needs and move independently as much as possible.”
Chief Technology Officer
Ravensdown
Ready to get started?
Secure your organisation with Penetration Testing from Australia’s largest and most experienced team of certified testing experts.
CREST Penetration Testing FAQs
Have a question about CREST penetration testing not covered here?
Contact our team and we’ll be happy to help.
CREST is an international not-for-profit, membership body representing the global cyber security industry.
Since 2006, CREST has led the cyber security community in raising the standards of cyber service providers and professionals, quality assuring the sector, and providing confidence to the buying community, government and regulators.
For the best penetration testing outcome, organisations should look for providers with recognised certifications such as CREST.
CREST certified providers have been independently assessed against rigorous professional standards and are trusted by governments, regulators and major organisations worldwide. They have a proven track record of delivering secure, reliable and high-quality penetration testing services.
The main difference is the level of independent assurance behind the provider delivering the testing. CREST penetration testing is delivered by a CREST accredited provider that has demonstrated it meets recognised industry standards for the knowledge, skills and capability required to perform penetration testing.
Standard penetration testing may be offered by providers without recognised industry accreditation. In some cases, a low quoted price may be indicative of a lack of industry accreditation.
A CREST penetration test can be tailored to evaluate the security of your applications, networks and physical environments that could be exploited by threat actors. There are many types of penetration testing, generally categorised as:
- Network Penetration Testing (External, Internal, SOE, Mobile Devices, Wireless)
- Application Penetration Testing (Mobile, Web, Web Service/API, Thick Client)
- Physical Security & Social Engineering
- Red Teaming (which encompasses any or all of the above)
Australia’s trusted
cyber security and cloud partner
Expertise at scale
More than 1,400 cyber security and cloud professionals delivering solutions to our customers.
Eyes on glass 24/7
Continuous monitoring of your network across our 9 advanced security operations centres globally.
Help when you need it
The region’s largest team of incident responders handle over 250 cyber breaches per year.
Assessing your needs
Industry-leading experts conduct more than 500 baseline security assessments per year.
Providing credible assurance
Our exceptional team of ethical hackers conducts over 3,000 penetration tests per year.
Training the next generation
The CyberCX Academy has trained 300 cyber security professionals in three years.
Cyber security services
End-to-end services covering every challenge throughout your cyber security and cloud journey.

