DASA
A modern security standard for desktop applications
DASA sets testable requirements for securing applications that run on Windows, macOS, and Linux.
DASA
A modern security standard for desktop applications
DASA sets testable requirements for securing applications that run on Windows, macOS, and Linux.
OVERVIEW
DASA gives developers a baseline of security requirements for desktop applications, drawn from established open standards and paired with assessment criteria. It also covers installers, updaters, and bundled libraries.
Desktop applications often handle sensitive data and run with broad access to the operating system. Unlike web and mobile software, the binary sits directly on the user's machine, where it can be inspected, modified, or made to load a malicious library. DASA sets testable requirements to mitigate these risks.
Program Benefits
Cross-platform
A single standard covering applications on Windows, macOS, and Linux.Â
Built on open standards
Requirements adapted from established open-source security standards.
Testable baseline
Clear acceptance criteria, with automated checks that don't require source code.
Certification Requirements
Every application in DASA is measured against a common set of baseline requirements, with additional checks specific to its operating system.
Communications Security
Protecting data in transit through enforced TLS, certificate validation, and strong cipher suites.
Data Protection
Securing sensitive data on disk and in memory, and keeping secrets out of distributed binaries.
Authentication, Credential Storage, and Privilege Management
Storing credentials securely, following sound authentication practices, and running without unnecessary system privileges.
Input Validation
Handling untrusted input safely, with protection against command injection, path traversal, and unsafe file parsing.
Component and Dependency Management
Tracking third-party libraries, avoiding known vulnerabilities, and preventing library hijacking.
Secure Installation and Update Mechanism
Delivering signed, verified updates and installers over encrypted channels, with least privilege.
Inter-Process Communication
Securing IPC endpoints against unauthorized access and protecting sensitive data in transit between processes.
Logging and Error Handling
Keeping sensitive information out of error messages and disabling debug modes in production builds.
Access Control and Multi-User Isolation
Isolating each local user's data and settings on shared systems.
User Interface Security and Privacy
Masking sensitive data in the interface and providing clear indicators for access to privacy-sensitive hardware.
Platform-specific requirements
Beyond the common baseline, DASA includes additional requirements for each operating system, covering binary hardening, code signing, and secure distribution. The Windows, macOS, and Linux annexes set these out in full.
Get Certified
DASA certification is handled through the Alliance's authorized labs, with the depth of review set by your assurance level.