
CASA


Summary

The Cloud Application Security Assessment (CASA) builds on the industry-recognized OWASP Application Security Verification Standard (ASVS) to provide a consistent set of requirements for hardening the security of any application.


Definitions

Definition | Requirements
CASA-1_2_2. Authentication Architecture
CASA-1_2_3. Authentication Architecture
CASA-1_4_1. Access Control Architecture
CASA-1_4_4. Access Control Architecture
CASA-1_5_2. Input and Output Architecture
CASA-1_5_3. Input and Output Architecture
CASA-1_5_4. Input and Output Architecture
CASA-1_8_2. Data Protection and Privacy Architecture
CASA-1_9_1. Communications Architecture
CASA-1_11_3. Communications Architecture
CASA-1_14_1. Configuration Architecture
CASA-1_14_2. Configuration Architecture
CASA-1_14_3. Configuration Architecture
CASA-1_14_4. Configuration Architecture
CASA-1_14_5. Configuration Architecture
CASA-1_14_6. Configuration Architecture
CASA-2_2_1. General Authenticator Security
CASA-2_2_4. General Authenticator Security
CASA-2_2_5. General Authenticator Security
CASA-2_3_1. Authenticator Lifecycle
CASA-2_4_1. Credential Storage
CASA-2_4_3. Credential Storage
CASA-2_4_5. Credential Storage
CASA-2_6_1. Look-up Secret Verifier
CASA-2_7_2. Out of Band Verifier
CASA-2_7_3. Out of Band Verifier
CASA-2_7_4. Out of Band Verifier
CASA-2_7_5. Out of Band Verifier
CASA-2_7_6. Out of Band Verifier
CASA-2_8_2. One Time Verifier
CASA-2_8_5. One Time Verifier
CASA-2_8_6. One Time Verifier
CASA-2_9_1. Cryptographic Verifier
CASA-2_9_3. Cryptographic Verifier
CASA-2_10_1. Service Authentication
CASA-2_10_2. Service Authentication
CASA-2_10_3. Service Authentication
CASA-2_10_4. Service Authentication
CASA-3_2_3. Session Binding
CASA-3_3_1. Session Termination
CASA-3_3_3. Session Termination
CASA-3_3_4. Session Termination
CASA-3_4_1. Cookie-based Session Management
CASA-3_4_2. Cookie-based Session Management
CASA-3_4_3. Cookie-based Session Management
CASA-3_5_1. Token-based Session Management
CASA-3_5_2. Token-based Session Management
CASA-3_5_3. Token-based Session Management
CASA-3_7_1. Defenses Against Session Management Exploits
CASA-4_1_1. General Access Control Design
CASA-4_1_2. General Access Control Design
CASA-4_1_3. General Access Control Design
CASA-4_1_5. General Access Control Design
CASA-4_2_2. Operation Level Access Control
CASA-4_3_1. Other Access Control Considerations
CASA-4_3_2. Other Access Control Considerations
CASA-4_3_3. Other Access Control Considerations
CASA-5_1_1. Input Validation
CASA-5_1_2. Input Validation
CASA-5_1_3. Input Validation
CASA-5_1_4. Input Validation
CASA-5_1_5. Input Validation
CASA-5_2_3. Sanitization and Sandboxing
CASA-5_2_4. Sanitization and Sandboxing
CASA-5_2_5. Sanitization and Sandboxing
CASA-5_2_6. Sanitization and Sandboxing
CASA-5_2_7. Sanitization and Sandboxing
CASA-5_3_1. Output Encoding and Injection Prevention
CASA-5_3_2. Output Encoding and Injection Prevention
CASA-5_3_3. Output Encoding and Injection Prevention
CASA-5_3_4. Output Encoding and Injection Prevention
CASA-5_3_6. Output Encoding and Injection Prevention
CASA-5_3_7. Output Encoding and Injection Prevention
CASA-5_3_8. Output Encoding and Injection Prevention
CASA-5_3_9. Output Encoding and Injection Prevention
CASA-5_3_10. Output Encoding and Injection Prevention
CASA-5_5_1. Deserialization Prevention
CASA-5_5_2. Deserialization Prevention
CASA-6_1_1. Data Classification
CASA-6_1_2. Data Classification
CASA-6_1_3. Data Classification
CASA-6_2_1. Algorithms
CASA-6_2_2. Algorithms
CASA-6_2_3. Algorithms
CASA-6_2_4. Algorithms
CASA-6_2_5. Algorithms
CASA-6_2_6. Algorithms
CASA-6_2_7. Algorithms
CASA-6_2_8. Algorithms
CASA-6_3_1. Random Values
CASA-6_3_2. Random Values
CASA-6_3_3. Random Values
CASA-6_4_2. Secret Management
CASA-7_1_1. Log Content
CASA-7_1_2. Log Content
CASA-7_1_3. Log Content
CASA-7_3_1. Log Protection
CASA-7_3_3. Log Protection
CASA-8_1_1. General Data Protection
CASA-8_1_3. General Data Protection
CASA-8_1_6. General Data Protection
CASA-8_2_1. Client-side Data Protection
CASA-8_2_2. Client-side Data Protection
CASA-8_3_1. Sensitive Private Data
CASA-8_3_2. Sensitive Private Data
CASA-8_3_3. Sensitive Private Data
CASA-8_3_5. Sensitive Private Data
CASA-8_3_6. Sensitive Private Data
CASA-8_3_8. Sensitive Private Data
CASA-9_1_2. Client Communication Security
CASA-9_1_3. Client Communication Security
CASA-9_2_1. Server Communication Security
CASA-9_2_4. Server Communication Security
CASA-9_2_5. Server Communication Security
CASA-10_1_1. Code Integrity
CASA-10_2_3. Malicious Code Search
CASA-10_2_4. Malicious Code Search
CASA-10_2_5. Malicious Code Search
CASA-10_3_2. Application Integrity
CASA-10_3_3. Application Integrity
CASA-11_1_4. Business Logic Security
CASA-12_4_1. File Storage
CASA-12_4_2. File Storage
CASA-13_1_1. Generic Web Service Security
CASA-13_1_3. Generic Web Service Security
CASA-13_1_4. Generic Web Service Security
CASA-13_2_1. RESTful Web Service
CASA-14_1_1. Build and Deploy
CASA-14_1_4. Build and Deploy
CASA-14_1_5. Build and Deploy
CASA-14_2_1. Dependency
CASA-14_3_2. Unintended Security Disclosure
CASA-14_5_2. HTTP Request Header Validation

Last updated

2023/09/18