ProfessionalVendor-neutralCREST· issued from UK

CREST CRT

CREST Registered Penetration Tester

The CREST Registered Penetration Tester is a practical, UK-oriented certification that has established itself as an important industry standard for penetration testers, particularly in the UK market and for organizations with CHECK requirements. Unlike purely theory-based certifications, the CRT exam includes a technical, partially practical component in a controlled test environment. The combination of multiple-choice, flags, and short answers distinguishes CRT from pure CTF formats like OSCP. Outside the UK and Australia, market penetration is limited; internationally, OSCP is significantly better known. However, for testers seeking to work in the UK public sector or at CREST-accredited firms, CRT is effectively mandatory.

Official page at CREST ↔ Compare with another cert

Exam fee

$700

Ongoing

—

Study time

200–400 hrs

Delivery

Test center

Validity

3 yrs (renewal cycle)

› Quality score

29.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

CREST Registered Tester ECO is well-defined and assessor-led.

8.0/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Multi-hour written + practical assessment in CREST's lab.

7.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Updates align to CREST cadence.

7.0/10

Market recognition

How often this signal actually moves a hiring decision.

Default UK consulting pentest credential below CCT tier.

6.5/10

› Exam format

Practical-based: Infrastructure penetration test in controlled environment + multiple-choice. 1 day.

Retake policy

Fee: $750 per attempt

Wait: 30d between attempts

30-day wait typical. Practical components may require longer waits.

› Recertification

Valid for 3 years. Renewal via proof of current activity + CPD.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-007

Recognition

UKEUGlobal

Exam languages

› Core domains covered

The 1 domain this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

› Prerequisites

Experience

CREST CPSA or equivalent. Recommended: 2+ years pentest experience.

› Careers that commonly pursue this cert

Threat Intelligence Analyst

Analyze adversary behavior, track threat actors, and produce actionable intelligence that drives defensive decisions.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications