Hello, I am currently conducting a security assessment of Aspose.Words for Java and would like to request any available third-party security attestations, such as SOC 2 reports, ISO certifications, or any other security-related documentation that provides insight into Aspose’s security posture. Additionally, we also have a security questionnaire. Would you be able to review and fill out the questionnaire as well? Please let me know if you require any further details. Thank you in advance for your time and support.
Can you please provide more details about the specific security documentation you are looking for regarding Aspose.Words for Java?
Any reports confirming security of Aspose.Words for Java.
@keso.kh Here is the report aspose-words-net-security.zip (15.2 KB). the report is for .NET version, but Java version of auto-ported from .NET version, so it is applicable to Java version too.
Please note, Aspose is a small, privately owned company and has not pursued SIG/CSA Star, ISO, SOC, or VAPT certifications.
Thank you for your help.
1 Like
Hello, Could you provide more information regarding the security testing details or share additional documents related to the following topics?
Was the testing internal or independent (conducted by an independent third-party security firm)? If it was an internal assessment, can you provide details on the testing methodology?
Which tools were used for testing (e.g., SAST, DAST, manual penetration testing)?
Is an executive summary of the test report available for review?
Can you provide a detailed breakdown of the SANS Top 25 vulnerabilities tested, including CWE references, test results, and remediation details?
- We use internal security testing.
- We use SonarQube code analyzer for security testing.
- We test each release for OWASP and SANS vulnerabilities . We use proprietary reporting tool based on SonarQube analysis.
The last report reports.zip (3.8 KB)
Thank you very much!
1 Like