Need info on Product scanning


#1

Hello Support,
We are validating this tool. And in our validation process we need the product’s security scan results/document. Can some body please send me this because this is required to purchase the software.


#2

@anilkyeddu,

Thanks for your query.

Which product (API) you are interested in? What kind of security scan results you are asking for? After getting the details, we will assist you better and provide you more details.


#3

We are interested in Aspose Total .NET. iam looking for any type of code scan test results to make sure this product is not having any vulnerabilities .


#4

Each Aspose for .NET API is an independent class library project compiled under the .NET framework. We take security very seriously to manage each latest threat. We offer clients to test every aspect of the product before buying it. Before releasing any new Aspose API version, the common core test cases are being executed to make sure everything is well tuned.

We perform all professional activities to incorporate OWASP top application risks. We follow coding standards which addresses best/proper practices and patterns, including for security issues. We have a peer code review process and we use automated tools to monitor code quality/adherence to the standard. However, if you come across any issue, then please let us know proactively in forums.

We have documented all coding standards for developers. Aspose APIs are secure and do not pose a potential risk to the system resources. Still, if you find any security vulnerability complaint of Aspose APIs, then please let us know. We’ll investigate and fix it asap.


#5

Thanks. Ours is a Financial Org and we have a security team who will need a report for these scans. Please send us.


#6

@anilkyeddu,

Well, we do have scan results for vulnerabilities on source code level for .NET APIs. But we might not share to the users directly as it is proprietary data or internal module(s). Anyways, we will still check if we can provide you a few sample results (the original ones might not be shared) for some released Dlls.


#7

Thanks. Please provide that info.


#8

Hello Amjad,
Can you please provide the info what i requested because this is needed to purchase the product.
Other wise we cannot buy this.


#9

@anilkyeddu,

So far, we are only able to devise and provide you the vulnerabilities scans/results for Aspose.Cells. Please find attached the document containing vulnerability items for Aspose.Cells.
Vulnerability_items_Aspose_Cells.zip (17.4 KB)

As soon as some other APIs vulnerabilities results become available, we will share it with you.


#10

Thanks. When you do a scan normally it provides a output file in pdf or any other document.Can you forward that please.


#11

@anilkyeddu,

You mean when saving/rendering Workbook (XLS/XLSX) to PDF, other MS Excel file formats or image format, kindly elaborate?


#12

No when you run the scan it generates output file right. iam need that one please.


#13

@anilkyeddu,

As we told you, we might not share the original results as it is proprietary data or internal module(s). We gathered those vulnerabilities scans/results for Aspose.Cells (the document is already shared in previous post) which are relevant to users’ concerns.


#14

Hello Amjad,
Our Security team requires this type of any one report.
1.Full Security Penetration Scan test report.
2. Light-Weight Penetration test with Attestation
3.Regular Vulnerability Scan result report.

Please see if you can send any one of them as a report.


#15

@anilkyeddu,

Thanks for sharing your requirements.

We are discussing this matter and will get back to you with updates.

Thanks for your patience.