Contact us
Hours for live chat and calls:
Sun 8 p.m. - Fri 8:30 p.m. CST
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Application Security Testing, or AST, is testing, analyzing, and reporting the security level of an application as it moves from early development stages through deployment and maintenance.
An effective AST program incorporates products, services, and solutions that continuously assess and address application vulnerabilities through the entire software development life cycle. An AST program should:
Successful AST programs go beyond automation — agencies also need to hire cybersecurity experts to manually analyze how government applications work and how they can be exploited. Each agency may have a different approach to their AST program, and GSA’s contract options offer a variety of sophisticated tools that statically and dynamically analyze applications for detectable weaknesses.
Agencies can buy AST products and services through our technology contracts and purchasing programs:
You can find the services that best align with your AST program needs on this summary sheet [PDF - 228 KB], which provides an overview of AST and related GSA solutions.
Our Application Security Testing buyer’s guide [PDF - 879 KB] provides key considerations when implementing an AST program. It also helps agencies identify and procure AST offerings to improve their application security posture.
To make your acquisition experience easier and more efficient, our AST Statement of Work template [DOCX - 37 KB] provides typical language for a cybersecurity solicitation and examples of specific activities and deliverables associated with AST services.
The template aligns with the Highly Adaptive Cybersecurity Services RFQ template [DOCX - 58 KB], so you can copy and paste information from the AST SOW template directly into Sections 3.0 and 4.0 of the RFQ Template as part of a larger cyber services requirement.
Hours for live chat and calls:
Sun 8 p.m. - Fri 8:30 p.m. CST
Error, The Per Diem API is not responding. Please try again later.
No results could be found for the location you've entered.
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
Rates are available between 10/1/2022 and 09/30/2025.
The End Date of your trip can not occur before the Start Date.
Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.
Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."
Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."
When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.