Cloud & Mobile Application Security Assessment
CASA & MASA
Apply industry-recognized application security standards, certify your application, and go to market with confidence.
Bishop Fox utilizes the App Defense Alliance (ADA) Framework based on technical controls from the OWASP Application Security Verification Standard (ASVS) to test your applications and ensure the security of user data.
d88P Y88b d8888
888 888 888
888 888 888
888 888 888
888 888 888
Y88b d88P 888
"Y8888P" 8888888
GETTING STARTED
WHAT DO I NEED TO GET STARTED?
You will need to have your assessment notification ready.
This is typically an email notification from the App Defense Alliance Framework User (i.e., Google) indicating that you are required to complete a CASA or MASA assessment. This includes the tier of the assessment you are required to complete and the due date.
PREPARING YOUR SUBMISSION
HOW DO I GET TO TESTING WITH BISHOP FOX?
1. Request your assessment
Complete and submit the form on the right including your tier and due date to access the Bishop Fox CASA or MASA scoping survey. This short, one-page survey will help us expedite the process and get to kicking off the testing project in an efficient manner.
2. Submit your Bishop Fox CASA or MASA scoping survey
As soon as your scoping survey is completed, you can email it back to us at [email protected]. After that, we will be in touch to schedule a meeting with you to review it.
3. Kick off your project
Once your submission has been reviewed, we’ll prepare a statement of work. When that is signed, the project kicks off.
Alternatively, if you’re worked with us before and you’re looking to perform your annual revalidation test, visit our page for returning customers here.
To get your CASA or MASA started, please fill out this form.
By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy
Thank you for submitting your request.
One of our team members will be getting back to you within the next 24 hours.
Have a great day!
d88P Y88b d88P Y88b
888 888 888
888 888 .d88P
888 888 .od888P"
888 888 d88P"
Y88b d88P 888"
"Y8888P" 888888888
KEY BENEFITS
Why Should I Work With Bishop Fox?
Authorized and Experienced Testing
With 900+ partner security assessments, we’re one of the most experienced authorized App Defense Alliance testing service providers on the market.
Application Security Experts
Partner with the brightest minds in application security to test for vulnerabilities that attackers can exploit, while approving your application for App Defense Alliance Framework Users.
Actionable Reporting
We deliver reporting on the engagement process, findings, and remediation recommendations aligned to OWASP ASVS.
World-Class Customer Experience
We have a "world-class" NPS score of 87+ on our ADA Application Security Assessments. Rest assured; you’ll have a positive experience working with us.
Trusted by Industry Leaders
26 of the Fortune 100 and 8 of the top 10 global tech companies trust us with their offensive security needs.
Augment with Additional Testing Options like MASA
Require a mobile app penetration test (MASA) in addition to a CASA assessment? Our resources means you can easily expand the scope of your project with us and create efficiencies.
d88P Y88b d88P Y88b
888 888 .d88P
888 888 8888"
888 888 "Y8b.
888 888 888 888
Y88b d88P Y88b d88P
"Y8888P" "Y8888P"
FREQUENTLY ASKED QUESTIONS (FAQ)
YOU HAVE QUESTION. WE HAVE ANSWERS.
When will the assessment start?
Partners need to provide full project enablement (PE) items (e.g., test accounts, completed SAQ, etc.) before receiving a start date. This is to ensure that there are no delays to the project schedule.
How long will the assessment take?
Once all the paperwork is in place, fieldwork can typically take one to two weeks. After that, reporting and QA take up to one week for report delivery. This does not include remediation time if vulnerabilities are identified that require your fixes and Bishop Fox’s re-testing.
What will the scope of the testing be?
The focus of the penetration testing is the application that the framework user (e.g., Google) has indicated requires an assessment.
What will the scoping information be used for?
Information shared with us for scoping will be used to determine overall effort required for testing. The more accurate the scoping details are, the more accurate and cost-sensitive we can be with the scope and quote.
How will my sensitive data be handled?
All sensitive data will be stored, processed, and transmitted securely. Your Bishop Fox engagement manager can help set up a secure file share to use throughout the project.
We are rebuilding the application now and/or migrating it to a new infrastructure. Should we do the test now or later?
If it's possible to hold off (considering any deadlines given by the Framework User requiring the assessment, e.g., Google), it would be best to have the most up-to-date version of your application. This is to ensure we get appropriate coverage on any additional functionality or application changes that could affect testing.
We are interested in a standard Letter of Assessment in addition to the CASA Letter of Validation (LOV). Does this change the scope/cost?
Yes. We will need to review the scope and determine if additional testing is required to meet our standards for a general Letter of Assessment in addition to the CASA LOV. If you have a particular compliance requirement, please describe it and the framework, so we can consider it appropriately in scoping.
d88P Y88b d8P888
888 888 d8P 888
888 888 d8P 888
888 888 d88 888
888 888 8888888888
Y88b d88P 888
"Y8888P" 888
Customer Story
Aspire Chooses Bishop Fox for their Google Partner Security Assessment
"We’re working toward our evolutionary security goals and continuing to level up our security program. Working with Bishop Fox helped us get that vision in place."
Still have questions?
Chat with one of our App Defense Alliance authorized security experts to learn how we can support your security needs.
