There are many companies and individuals offering Penetration Testing (aka Pen Test) some with and some without Certifications.
People make mistakes, which is why there are mistakes in code that cause vulnerabilities. This also means the Penetration Tester being human, will also make mistakes and potentially miss finding vulnerabilities. So the question is how do you make sure you have the highest quality of Penetration Test to find as many of the vulnerabilities in your platform?
The first step is checking the Cyber company is CREST approved which for Australia would be this list: https://www.crestaustralia.org/approved.html
Being CREST approved means the Cyber company has been audited for their systems and processes to make sure they can provide a consistent and quality Penetration test.
Further to this there are certifications for the individual person but most of these are too easy to get so not very relevant except for OSWA, OSWE and OSCP. These provide a good indication that the person is capable to do penetration testing, but only if they have the correct systems and processes i.e. they are in a CREST approved Cyber company.
The other thing to look at would be external confirmation such as their google reviews.
If you are interested in a High Quality Penetration Test reach out to CREST Approved Vertex Cyber Security.
