As an Authorized Lab for CASA, NST Cyber follows a multi-faceted & comprehensive assessment methodology based on OWASP Application Security Verification Standard (ASVS).
With Google (CASA Framework User) Initiated Assessments, NST Cyber as an authorized assessor verifies the app for CASA assurance level 2 or 3.
What to expect
Depending on the applicable set of controls, a combination of active and passive assessment methods will be adopted by NST Cyber for your Google CASA assessment. This might include Manual Penetration testing, Automated Scanning, Configuration Audit, and Security Architecture Review, and Secure Code Review.
CASA Self-Initiated Assessment
Developers can independently use the CASA framework to test the level of assurance of their applications and give their users more protection and confidence in the security posture of the applications they use. NST Cyber can help you in validating and declaring your apps security posture with CASA Tier 3 Self-Initiated Assessment.
As an Authorized Assessor, NST Cyber will give you a Letter of Validation (LOV) once your self-initiated Tier 3 evaluation has been completed. With the LOV in hand, you can proudly announce to the world that your app has been independently verified by the App Defense Alliance on both your app and website. Additionally, the CASA certificates will be available in App Defense Alliance directory as well.
Tier 3 Assessment
For Google or Developer Initiated Tier 3 CASA assessments, as an authorized lab NST Cyber will test and validate all CASA requirements and publish the Letter of Validation (LOV) once completed.
Tier 2 Assessment
NST Cyber provide end to end support in assessment and validation in case of Google initiated Tier 2 CASA assessment if developer opted for assessment and verification by an authorized lab.
CASA and OWASP ASVS
App Defense Alliance (ADA) uses CASA framework as a basis for testing cloud application technical security controls based on the OWASP Application Security Verification Standard (ASVS).
Know more about App Defense Alliance (ADA) and CASA:
EMPOWERING CUSTOMERS ACHIEVE SUCCESS IN
Google or Self-Initiated Cloud Application Security Assessment (CASA)
EFFECTIVE AND TIMELY
Vulnerability Management Orchestration (VMO)
With Rich Collaboration and Support Features.
NST Assure's Continuous Autonomous Penetration Testing, powered by the Vulnerability Management Orchestration (VMO) module, offers rich collaboration and control features for managing vulnerability remediation. Customers can access reports, trackers, POCs, and artifacts, schedule debriefing sessions, and plan the revalidation of findings with a seamless workflow. Vulnerability-specific support actions are available for Critical and High Severity observations, such as disputing observations, requesting more details, revalidating specific vulnerabilities, proposing new severity scores, or requesting additional information about findings.