MDSec is an approved CBEST Penetration Testing and CREST STAR (Simulated Targeted Attack & Response) provider.

MDSec provide intelligence-led penetration testing services under the Bank of England CBEST, De Nederlandsche Bank’s TIBER and CREST STAR frameworks. Our assessment services, conducted by our dedicated ActiveBreach team, use actionable intelligence to simulate the tools, tactics and procedures used by real-world adversaries.

While STAR provides assessment to the same standards as CBEST there are some differences between the frameworks. STAR assessments are not directly managed by a regulator and therefore do not benefit from the Government cyber threat intelligence. CBEST is specifically designed for the financial services industry and the results are circulated among the UK financial authorities; STAR assessments are not sector specific and the results remain confidential the organisation.



The CBEST framework designed by the Bank of England (BoE), delivers intelligence-led penetration tests against the critical infrastructure of financial services organisations.

CBEST assessments source cyber threat intelligence from approved providers and central Government to define the threat actors and their associated tools, tactics and procedures that the target organisation may face.  This intelligence is then used to inform the second phase, allowing an approved penetration testing provider to simulate these threats.

The assessment uses a defined set of key performance indicators (KPIs) to assess the security and resilience of the organisation to targeted cyber-attack.

CBEST organisations have been rigorously vetted and assessed to ensure that the framework provides the highest available standards of assurance.


Simulated Targeted Attack and Response

Traditional penetration tests are typically restricted by a clearly defined scope, however real-world attackers are not limited by such constraints and can explore all potential avenues in to an organisation. STAR assessments can be used to simulate the actions of these threat actors and measure the overall maturity of an organisation, while exercising their security control framework.

STAR assessments are designed to achieve board level impact, and will help in understanding the overall resilience of your organisation to cyber-attack.

During a STAR assessment, MDSec work closely with your internal resources to provide real-time, in-depth visibility of the detection and response capabilities of your organisation. The output of the assessment will assist you in improving organisational defences, IR playbooks and detection resources.

Contact us to find out more about our CBEST, TIBER or STAR assurance services.

Ready to start testing your applications?

Speak to one of our industry experts and find out how MDSec can help your business.

+44 (0) 1625 263 503