Understand how Red Teaming can be your ultimate strategic "Sanity Check" Register now ›
Apply industry-recognized application security standards, certify your application, and go to market with confidence.
Bishop Fox utilizes the App Defense Alliance (ADA) Framework based on technical controls from the OWASP Application Security Verification Standard (ASVS) to test your applications and ensure the security of user data.
You will need to have your assessment notification ready.
This is typically an email notification from the App Defense Alliance Framework User (i.e., Google) indicating that you are required to complete a CASA assessment. This includes the tier of the assessment you are required to complete and the due date.
As an authorized lab, Bishop Fox provides Tier 3 assessments only.
To get started, please fill out this form.
Thank you for submitting your request.
One of our CASA team members will be getting back to you within the next 24 hours.
Have a great day!
Complete and submit the form above including your project number and due date to access the Bishop Fox CASA scoping survey. This short, one-page survey will help us expedite the process and kick off the testing project in an efficient manner.2. Submit your Bishop Fox CASA scoping survey.
As soon as your scoping survey is completed, you can email it to [email protected] After that, we will be in touch to schedule a meeting and review it with you.3. Kick off your project.
Once your submission has been reviewed, we’ll prepare a statement of work. When that is signed, the project begins.
Alternatively, if you’ve worked with us before and you’re looking to perform your annual CASA test revalidation, visit our page for returning customers here.
With 700+ partner security assessments, we’re one of the most experienced authorized App Defense Alliance testing service providers on the market.
Partner with the brightest minds in application security to test for vulnerabilities that attackers can exploit, while approving your application for App Defense Alliance Framework Users.
We deliver reporting on the engagement process, findings, and remediation recommendations aligned to OWASP ASVS.
We have a "world-class" NPS score of 87+ on our Google Partner Security Assessments. Rest assured; you’ll have a positive experience working with us.
26 of the Fortune 100 and 8 of the top 10 global tech companies trust us with their offensive security needs.
Require a mobile app penetration test in addition to a CASA assessment? Our resources means you can easily expand the scope of your project with us and create efficiencies.
When Google needed to ensure that their user data was being handled securely, they partnered with Bishop Fox to design a security assessment program that could validate the security posture of their partners and third-party apps. Now, with the advent of the App Defense Alliance, we’re ready to build on this foundation to deliver world-class testing services that ensures application safety of Google’s app ecosystem.
When will the assessment start?
Partners need to provide full project enablement (PE) items (e.g., test accounts, completed SAQ, etc.) before receiving a start date. This is to ensure that there are no delays to the project schedule.
How long will the assessment take?
Once all the paperwork is in place, fieldwork can typically take one to two weeks. After that, reporting and QA take up to one week for report delivery. This does not include remediation time if vulnerabilities are identified that require your fixes and Bishop Fox’s re-testing.
What will the scope of the testing be?
The focus of the penetration testing is the application that the framework user (e.g., Google) has indicated requires an assessment.
What will the scoping information be used for?
Information shared with us for scoping will be used to determine overall effort required for testing. The more accurate the scoping details are, the more accurate and cost-sensitive we can be with the scope and quote.
How will my sensitive data be handled?
All sensitive data will be stored, processed, and transmitted securely. Your Bishop Fox engagement manager can help set up a secure file share to use throughout the project.
We are rebuilding the application now and/or migrating it to a new infrastructure. Should we do the test now or later?
If it's possible to hold off (considering any deadlines given by the Framework User requiring the assessment, e.g., Google), it would be best to have the most up-to-date version of your application. This is to ensure we get appropriate coverage on any additional functionality or application changes that could affect testing.
We are interested in a standard Letter of Assessment in addition to the CASA Letter of Validation (LOV). Does this change the scope/cost?
Yes. We will need to review the scope and determine if additional testing is required to meet our standards for a general Letter of Assessment in addition to the CASA LOV. If you have a particular compliance requirement, please describe it and the framework, so we can consider it appropriately in scoping.
Where can I find the CASA Self-Assessment Survey?
We have a link to the CASA Self-Assessment survey here.
Chat with one of our CASA security experts to learn how we can support your security needs.