Application Security Testing Program (ASTP)

NOTE: The Information Security Office is currently updating UC Berkeley's Data Classification Standard and Protection Profiles for the Campus. Our intention is to first make changes to the DPL numbering system without modifying the associated controls or requirements. These number changes are reflected on this page.



The Application Security Testing Program (ASTP) offers a consultative application security assessment for applications handling UC P4 data (formerly UCB PL2). These assessments are similar to penetration tests and provide a hands-on, manual security evaluation of an application.

Any UC Berkeley application handling UC P4 data (formerly UCB PL2), including California State Law "Notice-Triggering" information, must pass an application security assessment to remain in compliance with the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).

Attackers often try to steal Personally Identifiable Information and other sensitive data for financial gain and notoriety, which can result in a financial and reputational loss to the University.

ASTP seeks to assess applications in a real-world environment and from an attacker's perspective. These assessments often identify security vulnerabilities and exposures that are not captured by automated scanning tools or traditional detection mechanisms.

How to Get Started

To request an ASTP assessment for a UC P4 (formerly UCB PL2) data system, please email

Service Details and Additional Information

Service category