Special Notices

In light of the most recent Government advice on the global Coronavirus (COVID-19) outbreak, which includes avoiding contact and travel, CREST has taken the decision to temporarily close its Examination Centre in the UK from Wednesday 18th March 2020.

We will be continuously reviewing the situation and will keep candidates updated on when we will be able to reopen the centre. We will be working with Candidates to minimise the impact that the temporary closure of the centre has on them, and will be in contact with anyone who is personally affected. The health and wellbeing of all concerned had to be paramount when taking this decision.

If anyone has any questions about the closure please contact sally.fitzmaurice@crest-approved.org or exambookings@crest-approved.org

Please click here for detailed information regarding the new CREST and EC Council - Certification Equivalency Recognition Programmes


The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, which is an entry level qualification that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level below that; of the main CRT and CCT qualifications.

Delegates are provided with a Pearson Vue exam voucher for the CPSA examination as part of the course fee. The CPSA examination also includes an intermediate level of web application security testing and methods to identify common web application security vulnerabilities. The examination covers a common set of core skills and knowledge that assess the candidate’s technical knowledge. The candidate must demonstrate that they are able to perform basic infrastructure and web application testing and interpret the results to locate security vulnerabilities. Success will confer the CREST Practitioner status to the individual. This qualification is a pre-requisite for the CREST Registered Penetration Tester (CRT) examination and comprises a multiple-choice examination. CRT is available as a separate course.

Target Audience

  • Aspiring information security personnel who wish to be part of a PenTest team
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
  • Corporations and Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills
  • Information security managers who would like to brush up on the latest techniques and processes inorder to understand information security implications
  • Anyone who is considering a career in Penetration Testing


A good appreciation of the technical aspects of ICT. QAFCCS and or CISMP is recommmended.

Course Outline

Day 1

  • Intro
  • What is Cybersecurity
  • Security Concepts
  • Risk
  • VA & Pen Testing
  • Threat Modelling
  • Law & Compliance
  • Module Summary

Day 2

  • Network Overview
  • Networking Models
  • Network Types & Topologies
  • Networking Devices
  • Network Addresses & Protocols
  • Internet Protocol Suite
  • Module Summary

Day 3

  • Assessing Logical Ports
  • Organisational Security
  • Assessing Operating Systems
  • Windows
  • Module Summary

Module 4

  • Application Exploits
  • Web Server Exploits
  • Web Browser Exploits
  • Secure Application Design
  • Secure Coding
  • Auditing Applications
  • Module Summary

Module 5

  • Cryptography Application
  • Identity and Access Management
  • Cryptocurrency
  • Module Summary
Exam included - worth £0