Skip to navigation Skip to main content Skip to footer

CASA Questionnaire

Please fill out our Questionnaire to get started on your CASA journey

Getting Started
Please select the Google Cloud Application Security Assessment you are pursuing: *









Did you pass OAuth Security Assessment or CASA last year? *


Has Google directed you to undergo a CASA Review? If yes, what is your Assurance Level (AL) Assignment? * If yes, NCC Group will require a copy of the email to 'google_casa@nccgroup.com'. Completing a CASA Review before Google has directed you to do so could result in a rejected LOV.




All current restricted scopes can be found here: https://support.google.com/cloud/answer/13464325
Your Company Information
Type your company's website address
Is the invoicing address the same as the company address provided* (If NO, please notify your NCC Group representative upon follow up) *


About your Application
If you have multiple project numbers, please include an explanation of how each project number is utilized (Different applications, environments, platforms, regions, etc) .
If a date was not provided, please input date 90 days from the date you received your last comms from Google.
Server Application Type(s) -- please select any of the following if directly exposed to the internet: *







Client Application Type(s) -- please select all that apply: *









If 'Android' or 'iOS App' indicated in previous question, can the OAuth flow be completed within the mobile app/web app?




What is the size of the full application (total endpoints, APIs + App)? *




Does your application make use of Multi-Factor Authentication (MFA) for application end users (not administration)? If yes, can it be disabled for specific test accounts? *



Are you intertested in additional pentesting services? The Cloud Application Security Assessment to be completed by NCC Group is designed to determine if an application meets all of the App Defense Alliance requirements. This assessment is not, however, to be a full and complete penetration test of the application and should not be treated as such. As a separate engagement NCC Group can perform additional security services. Are there any pentesting efforts you are interested in?