Cloud Application Security Assessment (CASA)

Cloud Application Security Assessment (CASA) is a comprehensive framework created to strengthen the security of cloud-based applications.
Developed by the App Defense Alliance (ADA) — led by Google — CASA builds upon the proven principles of the OWASP Application Security Verification Standard (ASVS) to provide a structured and effective approach to cloud security.

Benefits of CASA

Proactive Security Posture
Identify and resolve potential security weaknesses before they can be exploited.

Regulatory Compliance
Ensure that your applications meet relevant regulatory and industry-specific security requirements.

Risk Mitigation
Reduce the likelihood of data breaches and other security incidents by proactively addressing vulnerabilities.

Enhanced Trust
Showcase your commitment to robust security practices, increasing confidence among customers, partners, and stakeholders.

Tier 2 Certification

Google requires third-party applications — such as FileDrop — to achieve CASA Tier 2 certification before integration with their services.
To earn this certification, the FileDrop platform undergoes an annual independent technical audit performed by a certified third party — in our case, TAC Security.

In April 2025, TAC Security conducted a full security evaluation of the FileDrop platform, which included both penetration testing and verification of security configurations.
Their assessment confirmed that FileDrop meets or exceeds industry best practices in the following key areas:

• Secure Handling of Customer Data

• Architecture, Design, and Threat Modeling

• Authentication Verification

• Session Management

• Access Control

• Stored Cryptography for Customer Data

• Communications Security

• Malicious Code Protection

• Business Logic Validation

• API and Web Service Configuration

Questions?

For more information about CASA or to learn how FileDrop secures user data, please contact us at support@getfiledrop.com.