From 1fecb9826e17ff2753fa353889c92bf350b2f157 Mon Sep 17 00:00:00 2001 From: Xavier Foucrier Date: Sun, 15 Sep 2024 14:47:18 +0200 Subject: [PATCH] Add cloud application security assessment documentation --- README.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bc74c16..0dd3952 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -# Inbox Notifier – [![Version](https://img.shields.io/github/release/xavierfoucrier/inbox-notifier)](https://github.com/xavierfoucrier/inbox-notifier/releases/latest) [![Code quality](https://img.shields.io/codacy/grade/088c98657120438ca3f8ffb529abcb79)](https://app.codacy.com/gh/xavierfoucrier/inbox-notifier/dashboard) [![ci](https://img.shields.io/github/actions/workflow/status/xavierfoucrier/inbox-notifier/ci.yml?branch=main)](https://github.com/xavierfoucrier/inbox-notifier/actions?query=workflow:"CI") [![Downloads](https://img.shields.io/github/downloads/xavierfoucrier/inbox-notifier/total "Downloads - All releases")](https://github.com/xavierfoucrier/inbox-notifier/releases) [![Softpedia](https://img.shields.io/badge/softpedia-award-%230E7FC0 "Softpedia - Award")](https://www.softpedia.com/get/Internet/E-mail/Mail-Utilities/xavierfoucrier-Inbox-Notifier.shtml#status) +# Inbox Notifier – [![Version](https://img.shields.io/github/release/xavierfoucrier/inbox-notifier)](https://github.com/xavierfoucrier/inbox-notifier/releases/latest) [![Code quality](https://img.shields.io/codacy/grade/088c98657120438ca3f8ffb529abcb79)](https://app.codacy.com/gh/xavierfoucrier/inbox-notifier/dashboard) [![Downloads](https://img.shields.io/github/downloads/xavierfoucrier/inbox-notifier/total "Downloads - All releases")](https://github.com/xavierfoucrier/inbox-notifier/releases) [![Softpedia](https://img.shields.io/badge/softpedia-award-%230E7FC0 "Softpedia - Award")](https://www.softpedia.com/get/Internet/E-mail/Mail-Utilities/xavierfoucrier-Inbox-Notifier.shtml#status) [![ADA](https://img.shields.io/badge/casa%20-%20assessment%20-%20%23019688 "App Defense Alliance - Cloud Application Security Assessment")](https://github.com/xavierfoucrier/inbox-notifier?tab=readme-ov-file#assessment) Gmail notifications instantly in the Windows taskbar. [![Inbox Notifier](logo.png "Inbox Notifier")](logo.png?raw=true) 
@@ -68,6 +68,31 @@ Softpedia guarantees that Inbox Notifier is **100% Free**, which means it does n Read the [Softpedia Labs review](https://www.softpedia.com/get/Internet/E-mail/Mail-Utilities/xavierfoucrier-Inbox-Notifier.shtml) for more informations. +## Assessment +On **June 8th, 2024**, Inbox Notifier has satisfied CASA application security requirements by successfully completed a **Cloud Application Security Assessment (CASA)**. In meeting these assessment requirements, Inbox Notifier is verified to meet the CASA Tier 2 requirements. The assessment was conducted by **PwC, an independent third party lab**, authorized by the App Defence Alliance to conduct CASA security assessments. + +| Category | Status | +| --------------------------------------------------------------- | ------ | +| Architecture, Design and Threat Modeling Requirements | ✅ | +| Authentication Verification Requirements | ✅ | +| Session Management Verification Requirements | ✅ | +| Access Control Verification Requirements | ✅ | +| Validation, Sanitization and Encoding Verification Requirements | ✅ | +| Stored Cryptography Verification Requirements | ✅ | +| Error Handling and Logging Verification Requirements | ✅ | +| Data Protection Verification Requirements | ✅ | +| Communications Verification Requirements | ✅ | +| Malicious Code Verification Requirements | ✅ | +| Business Logic Verification Requirements | ✅ | +| File and Resources Verification Requirements | ✅ | +| API and Web Service Verification Requirements | ✅ | +| Configuration Verification Requirements | ✅ | + +CASA is based on the industry-recognized **Open Web Application Security Project (OWASP)** Application Security Verification Standard (ASVS) to provide third-party (3P) application developers with a basis for testing technical application security controls, a consistent set of requirements for secure application development, a homogenized coverage and assurance levels for providing security verification using industry-aligned 
frameworks and open security standards. + +> App Defense Alliance CASA tier 2 **assessment will be renewed on an annual basis**. + + ## Contribute If you want to report a bug or if you just want to request for a new feature/improvement, please **read the project [contributors guidelines](https://github.com/xavierfoucrier/inbox-notifier/blob/main/.github/CONTRIBUTING.md) before**. Thanks for taking time to contribute to Inbox Notifier.
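Review bot: In the first hunk (the README title line), the `[![ci](...)]` workflow badge is dropped in the same line that adds the ADA badge, while the commit subject only mentions adding assessment documentation. If the removal is intentional, say so in the commit message or move it to its own commit; otherwise restore the badge. The new badge also targets `https://github.com/xavierfoucrier/inbox-notifier?tab=readme-ov-file#assessment`, which depends on a GitHub UI query parameter. A relative `#assessment` link would resolve in forks and other renderers as well.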
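Review bot: In the second hunk (the new `## Assessment` section), a reader cannot verify the attestation. The paragraph names the lab, the tier and the date, but it links to no letter of validation or CASA reference and does not say which release was assessed. Add a link to the evidence and the assessed version, and put a validity end date next to "assessment will be renewed on an annual basis" so an expired claim is detectable. The all-pass table has the same problem, since nothing in the section backs the fourteen check marks. Wording: "App Defence Alliance" in the paragraph disagrees with "App Defense Alliance" in the badge title and the blockquote, and "by successfully completed" should read "by successfully completing".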