CASA Tier 2 Certified

Cloud Application Security Assessment (CASA)

Cloud Application Security Assessment (CASA) is a framework designed to improve the security of cloud-based applications. It was developed by the App Defense Alliance (ADA) lead by Google and leverages the well-established OWASP Application Security Verification Standard (ASVS).

Benefits of CASA

• Proactive Security Posture CASA enables organizations to identify and address security weaknesses before they can be exploited.

• Regulatory Compliance Ensures that applications meet regulatory and industry-specific security requirements.

• Risk Mitigation Reduces the likelihood of data breaches and other security incidents by addressing vulnerabilities.

• Enhanced Trust Demonstrates a commitment to security, boosting stakeholder confidence in the application's safety.

Tier 2 Certification

Google requires that third party products, like Orangedox, achieve a CASA Tier 2 certification before integrating with their services. To achieve this certification Orangedox's platform be must be technically audited every year by an independant third party, in our case TAC Security.

In April 2025 TAC Security tested Orangedox's platform, using both penetration testing and verified confirmation of security settings. TAC Security verified that Orangedox meets or exceeds security best practices in the following areas:

• Secure Handling of Customer Data
• Architecture, Design, and Threat Modeling
• Authentication Verification
• Session Management
• Access Control
• Stored Cryptography for Customer Data
• Communications
• Malicious Code
• Business Logic
• API and Web Service Configuration

If you have any questions about CASA or how Orangedox secures user data please contact security@orangedox.com.