Understand Tier 2
The Tier 2 CASA is aligned to the OWASP Application Security
Verification Standard (ASVS) v4.0. There are 134 requirements total,
with each mapped to its own set of acceptance criteria.
Most of the ASVS is also associated with a set of CWEs, which grants us
greater flexibility in determining whether a requirement has been met.
Simply follow the CASA AST guidance based on which scans are required for your application.
To qualify for Tier 2 verification, results must show:
No failed CWEs mapped to CASA requirements on your scan results
OWASP guidance from the ASVS Cheat Sheet can be referenced to remediate findings.
Requirements are met in 3 ways
In a Tier 2 verified self-assessment, requirements broadly fall into
two categories:
Functional requirements
Non-functional requirements
Functional requirements must be verified using an
application security testing (AST) scan.
Non-functional requirements are verified using a
combination of existing CASA accepted security certifications and
developer self-attestation.
Accelerate your CASA journey
With a foundational understanding of the CASA and requirements that
apply to your app, go see how many can be automated with the CASA
Accelerator tool.
Simply provide the tool:
Last updated 2024-11-07 UTC.