If you’re searching for a CREST CRT alternative that tests the same practical penetration testing skills without the test centre booking, the CPSA prerequisite, and the £600+ price tag, CNPen and CAPen from SecOps Group are the closest like-for-like options available today. The CREST Registered Penetration Tester (CRT) is one of the most recognised penetration testing certifications in the UK, widely respected by governments, regulated industries, and CREST member companies. CRT covers both web application and network penetration testing within a single certification, and it carries specific weight for engagements tied to the NCSC CHECK scheme.
That recognition comes with logistical and financial requirements that exclude a large segment of qualified penetration testers worldwide. To sit the CRT, candidates must first pass the CREST Practitioner Security Analyst (CPSA), travel to a Pearson VUE test centre, work within a locked-down Kali VM, and wait up to five working days for a binary pass/fail result. CNPen and CAPen test the same core technical skills through a fully practical, online, on-demand format, with no prerequisites, no travel, instant results, and a combined price of $166 with code 75-OFF.
This comparison isn’t about questioning CRT’s credibility. It’s about whether practical penetration testing skills in 2026 can be assessed through a more accessible, flexible, and cost-effective model. For most candidates today, CNPen and CAPen are the clearest practical alternatives to the CREST CRT.
About CREST and the CRT
The CRT sits in CREST’s Registered tier (CREST stands for Council of Registered Ethical Security Testers), with the Practitioner-level CPSA below and the Certified-level CCT above. Its published syllabus runs across ten appendices: Appendix B covers core technical skills, Appendix G covers the web application scope. CREST member companies use the CRT to validate staff for engagements tied to the public sector and the NCSC CHECK scheme. CNPen and CAPen cover the same technical skill domains without the prerequisite structure or the test centre requirement, which is what makes them the closest practical CRT alternative.
The Philosophy Gap
Prerequisites: Gatekeeping or Quality Control?
The CRT requires candidates to hold a valid CREST Practitioner Security Analyst (CPSA) certification before they can book the exam. That’s an extra exam, an extra cost, and extra time before you’ve sat the one you actually want.
CNPen and CAPen have no prerequisites. We recommend two years of practical experience, but we trust candidates to self-assess. If you have the skills, you can demonstrate them immediately, on demand, without a certification acting as a gatekeeper.
Exam Venue: Test Centre vs Your Desk
The CRT exam must be taken in person at a Pearson VUE test centre. For penetration testers across Asia, Africa, South America, and parts of Europe, that means travel, lead-time booking, and rigid scheduling constraints. CNPen and CAPen are fully on-demand and online. Connect to the VPN and start when you’re ready, from anywhere.
Accessibility matters. A qualification that requires a flight or a long drive to a test centre creates barriers unrelated to pentesting ability. The community of registered ethical security testers extends well beyond the geography of Pearson VUE centres, and skill validation should reach all of it.
Tools: Restricted vs Real World
In the CRT exam, candidates use the Kali Linux VM running inside the Pearson VUE environment. They can’t bring their own tools or install anything new. Burp Suite Professional and Nessus Professional are licensed within the environment, but the restriction still means you’re not being tested in the setup you actually work in.
CNPen and CAPen let candidates use any pentesting tools they choose, with full outbound internet access to install whatever they need. This is how real penetration testing services are delivered. We’re not testing whether candidates can operate under artificial constraints. We’re testing whether they can hack.
Results: Immediate vs Five Working Days
Pass the CRT, and you’ll wait up to five working days for your result. Pass our practical exam, and you’ll know immediately. Making professionals wait nearly a week for a binary pass/fail result is unnecessary friction.
Retake Policy
Fail the CRT and the wait is eight weeks before retaking, with an additional fee per attempt. CNPen and CAPen include one free retake per purchase. For candidates on tight timelines or budgets, that gap matters: an eight-week wait plus another Pearson VUE booking fee versus an immediate second attempt at no extra cost.
Let’s Talk About Price
The CRT is listed at approximately £600 per attempt on CREST’s published pricing page, plus the CPSA prerequisite at approximately £275. Total entry cost runs past £875 before any retake fees, travel, or accommodation for the Pearson VUE centre visit.
CNPen and CAPen cover the same skill domains at a fraction of that cost, with a free retake included.
CNPen + CAPen: $83 each with the 75-OFF discount code. Original price $336. One free retake included. No prerequisite needed.
CREST CRT: approximately £600 per attempt via Pearson VUE. Add the CPSA prerequisite (approximately £275). Eight-week retake wait, additional fee per retake.
The pricing philosophy is simple: the barrier to demonstrating your skills should be as low as possible.
Exam Format Compared
Both formats have merit. CNPen and CAPen use a practical, 4-hour, 15-challenge, flag-based format with no report writing and no MCQs. Pure hands-on exploitation.
The CREST CRT examination is one practical assessment with 160 marks total, split across the Infrastructure section (100 marks) and the Web Applications section (60 marks). Candidates must score at least 60% in each section independently to pass. There’s no copy-paste into the answer sheet, so findings must be typed manually under time pressure. CREST publishes Top Tips for CRT candidates alongside the official syllabus and FAQs on its certification page.
Our model separates CNPen (network and infrastructure) and CAPen (web application) into distinct certifications, letting practitioners validate specific specialisations. The CRT covers both in one sitting, at the cost of depth in either area.
Full Comparison Table
Here’s how CNPen and CAPen stack up against the CREST CRT across cost, format, delivery, and recognition.
| Aspect | CNPen + CAPen | CREST CRT |
|---|---|---|
| Cost (exam only) | $83 + $83 = $166 with code 75-OFF | Approximately £600 per attempt + CPSA prerequisite (approximately £275) |
| Prerequisites | None (2-year experience recommended) | Valid CPSA certification required before booking |
| Exam Duration | 4 hours | 2.5 hours practical assessment |
| Exam Format | Practical: 15 flag-based challenges. No report. No MCQ. | Practical assessment with 160 marks total. Infrastructure (100 marks) + Web Applications (60 marks). |
| Pass Mark | 60% pass, 75%+ merit | 60% in each section independently |
| Delivery | Online, on-demand. Anytime, from anywhere. | In-person only. Pearson VUE test centre. Pre-booking required. |
| Tools Allowed | Any tool. Full internet access. Bring your own toolset. | Kali VM provided. Cannot install new tools. Burp Suite Professional and Nessus Professional are licensed in the environment. |
| Results | Immediate on exam completion. | Up to 5 working days after exam. |
| Retake Policy | 1 free retake included in the price | 8-week waiting period. Additional fee per retake attempt. |
| Scope | CNPen: Network, Active Directory, cloud, Linux, OSINT. CAPen: OWASP Top 10, injections, web auth, APIs, cloud misconfigs. | Infrastructure + web application in one exam. Network services, Windows/Linux, databases, web frameworks. |
| Certificate Validity | No expiry (version and date noted) | Check CREST guidance for renewal terms |
| Official Training | Independent examining body. No training sold. Syllabus-led self-study. | No official CREST training. Third-party training providers available. |
| Industry Recognition | Growing globally. Listed in Synack SRT pathway. Backed by CREST-accredited The SecOps Group. | Recognised by UK NCSC (CHECK scheme), governments and regulators globally. |
Syllabus Overlap
The skill domains tested by CNPen + CAPen combined overlap significantly with the CRT syllabus. The CREST CRT syllabus and the combined CNPen and CAPen syllabus cover most of the same penetration testing skills. Both test Active Directory exploitation, OWASP Top 10 web vulnerabilities, network enumeration, privilege escalation, and exploitation techniques used in real-world penetration testing engagements. The ★ symbol marks areas unique to each certification.
| CNPen + CAPen Coverage | CREST CRT Coverage |
|---|---|
| ✓ OSINT and reconnaissance techniques | ✓ DNS, SOA, MX records and passive reconnaissance |
| ✓ Network mapping and host discovery | ✓ Network mapping, VLAN, IPv4, TCP/UDP |
| ✓ Brute-force attacks | ✓ Traffic analysis (PCAP) |
| ✓ Vulnerability identification and exploitation | ✓ Unencrypted services (Telnet, FTP, SNMP) |
| ✓ Nix privilege escalation and file permissions | ✓ TLS/SSL, SSH, RDP, VNC, X11 |
| ✓ Windows Active Directory attacks (on-prem) | ✓ SMB, LDAP, NFS, Kerberos |
| ✓ Kerberoasting, Golden/Silver Tickets | ✓ Windows enumeration and exploitation |
| ✓ Lateral movement and persistence techniques | ✓ Active Directory attacks |
| ✓ OS credential dumping and replay attacks | ✓ Linux/Unix enumeration and exploitation |
| ✓ Insecure protocols and services | ✓ Desktop lockdown bypass |
| ★ Docker and container security scenarios | ★ Routing manipulation |
| ★ Cloud AD and AWS/Azure misconfigurations | ★ Vulnerability scanner interpretation (Nessus) |
| ✓ OWASP Top 10 vulnerabilities | ✓ Web server and framework assessment |
| ✓ SQL Injection, XSS, CSRF, XXE | ✓ Web auth and authorisation flaws |
| ✓ SSRF and IDOR | ✓ Input validation: XSS, SQLi, command injection |
| ✓ Authentication and session management flaws | ✓ Session management and CSRF |
| ✓ TLS security misconfigurations | ✓ Parameter manipulation and directory traversal |
| ✓ Insecure file uploads and directory traversal | ✓ File uploads and web app logic flaws |
| ✓ Business logic flaws | ★ Database assessment: MSSQL, MySQL, Oracle |
| ✓ Practical cryptographic attacks | |
| ★ AWS S3 bucket misconfigurations |
CNPen and CAPen go further into cloud environments, modern Active Directory attack techniques (Kerberoasting, Golden Tickets), and container security. These topics reflect the 2025/2026 real-world attack surface more accurately. The CRT goes deeper into routing manipulation and dedicated database assessment (MSSQL, Oracle, MySQL enumeration).
Who Should Choose What?
Choose CNPen + CAPen if you…
- Want to demonstrate practical hacking skills quickly and affordably
- Work globally or remotely and can’t travel to a Pearson VUE centre
- Want an on-demand certification without travel or pre-booking
- Are in CRT exam preparation and want a cost-effective skills benchmark first
- Value modern syllabus coverage including cloud and container scenarios
Choose CREST CRT if you…
- Work in a UK-regulated environment or for a client that specifically requires CREST credentials
- Are building towards NCSC CHECK team membership
- Work at or for a CREST member company where CRT is part of the formal career pathway
These two paths aren’t mutually exclusive. Many practitioners hold both, using CNPen and CAPen to continuously sharpen and validate skills affordably, while pursuing CRT for the institutional recognition it carries in certain sectors. If you’re in CRT exam preparation, our certifications are a cost-effective way to pressure-test your readiness before committing to the full fee.
Why CNPen and CAPen Are the Best CREST CRT Alternative
For most penetration testers, CNPen and CAPen now sit at the top of the list of practical CREST CRT alternatives, and for clear reasons:
Same practical assessment model. Both test real exploitation against live systems, not multiple choice questions or short-form answers.
Same skill domains. Network enumeration, Active Directory attacks, web application vulnerabilities, privilege escalation, and exploitation of known vulnerabilities all sit in both syllabi.
Fraction of the cost. $166 combined versus a CRT path that exceeds £875 once the CPSA prerequisite is factored in.
No gatekeeping. No prerequisite certification. No test centre. No eight-week retake wait.
Backed by a CREST-accredited examining body. SecOps Group is itself CREST-accredited, which means the certifications are built and assessed by practitioners working to the same professional standards CREST publishes.
The only reason to choose CRT over this alternative is if a specific employer, contract, or compliance framework names CRT explicitly. For everyone else, the practical skills validation is the same, and the cost shouldn’t be ten times more.
Our Honest Take
The CREST Registered Penetration Tester is a legitimate and well-respected certification with a clear role in UK security. We have no interest in dismissing it. What we do believe is that the industry should make skill validation accessible, not gatekept behind prerequisites, expensive test centre bookings, and multi-day result waiting periods. CNPen and CAPen exist to prove that you can have rigorous, practical, respected CREST alternatives at a price that doesn’t exclude penetration testers in developing markets or those early in their careers. The skills are the same. The cost shouldn’t be ten times more.
FAQ
The CREST Registered Penetration Tester (CRT) is a UK-recognised penetration testing certification that covers both network and web application security testing. It’s recognised by NCSC CHECK and respected across UK government and regulated industries.
Yes. Both are fully online, on-demand certifications. Connect via VPN, use your own tools and setup, and start when you’re ready, from anywhere in the world. There’s no test centre booking, no fixed schedule, and no travel required.
CRT is listed at approximately £600 per attempt via Pearson VUE on CREST’s published pricing page, plus the mandatory CPSA prerequisite at approximately £275. Total entry cost exceeds £875 before any retakes, travel, or accommodation.
Yes. Candidates must hold a valid CREST Practitioner Security Analyst (CPSA) certification before booking the CRT exam.
The CRT has 160 marks split across Infrastructure (100 marks) and Web Applications (60 marks). Candidates must score at least 60% in each section independently. Failing either section means failing the whole exam, even if the combined total exceeds 60%.
CNPen and CAPen from SecOps Group test the same practical penetration testing skills as CRT, with no prerequisites, no test centre requirement, and a combined cost of $166 with the 75-OFF code. They’re built by a CREST-accredited examining body, making them the closest like-for-like practical alternative on the market.
Same practical skills assessment. No prerequisite certification. No test centre booking. Instant results instead of a five-day wait. Free retake instead of an eight-week wait plus extra fee. Combined cost under $200 versus £875+ for the CRT path. The reason to choose CRT over this alternative is specific employer, contract, or compliance frameworks that explicitly name CRT.
CNPen is used by penetration testers in over 100 countries and is backed by the CREST-accredited SecOps Group. While the CRT carries specific weight in UK public sector and CHECK scheme engagements, CNPen is internationally recognised as a hands-on penetration testing certification.
CREST publishes its own Top Tips for CRT candidates on the official CRT page alongside the syllabus and FAQs, and that’s the starting point. Beyond that: practise with a locked-down Kali VM under no-internet conditions, work through the official syllabus appendices, get comfortable with Burp Suite Professional and Nessus Professional (the two tools licensed in the exam environment), and rehearse typing findings into the answer sheet without copy-paste. Many candidates use CNPen and CAPen as a cost-effective benchmark before committing to the full CRT fee.
Ready to Test Your Skills?
On-demand. From anywhere. Results in minutes. Free retake included. Use code 75-OFF.
CNPen: https://pentestingexams.com/certifications/professional/certified-network-pentester/
CAPen: https://pentestingexams.com/certifications/professional/certified-appsec-pentester/
About The SecOps Group
A globally recognised IT security company providing CREST-accredited consultancy and independent certification services. Our certifications are used by penetration testers in over 100 countries. We do not sell training. We test skills.
