Application Security Testing Program (ASTP)


What We Do

Information Security and Policy's (ISP) Application Security Testing Program (ASTP) offers a consultative application security assessment for applications handling Protection Level 2 data. These assessments are similar to penetration tests and provide a hands-on, manual security evaluation of an application.

Any UC Berkeley application handling Protection Level 2 data, including California State Law "Notice-Triggering" information, must pass an application security assessment to remain in compliance with the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).

Why We Do It

Attackers often seek to steal Personally Identifiable Information and other sensitive data for financial gain and notoriety, which can result in financial and reputational loss to the University.

ASTP seeks to assess applications in a real-world environment and from an attacker's perspective. These assessments often identify security vulnerabilities and exposures that are not captured by automated scanning tools or traditional detection mechanisms.

Who Benefits

  • Campus stakeholders operating applications that handle PL2 data
  • End users whose personal data is stored and handled by campus applications

How to Get Started

To request an ASTP assessment for a PL2 system, please email security@berkeley.edu.

Service Details and Additional Information

Service category