New Pen Test Reports

Security and Trust Portal

Start your security review
View & download sensitive information
Search items
ControlK

Overview

Welcome to our Security and Trust Portal, your resource for product security, privacy, compliance, and reliability information. Here, we cover our company's practices, standards, and policies in place to secure our corporate environment.

Also, data security is a shared responsibility between Postman and its users. Read how you can help keep your data secure and private: https://www.postman.com/trust/shared-responsibility/.

Regulatory Compliance and Standards

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
SOC 2 Type 2 Logo
SOC 2 Type 2
SOC 3 Logo
SOC 3
TX-RAMP Logo
TX-RAMP
Security and Trust Portal Updates

New Pen Test Reports

Vulnerabilities
Copy link

Pen Test Reports for 2025 have been completed and are now available in the Trust Center. You can find reports covering our Production Web API Application and Network.

Published at N/A

IngressNightmare

Vulnerabilities
Copy link

As of March 26th, 2025, Postman’s production systems are not affected by the IngressNightmare vulnerability.

Published at N/A*

Security and Trust Reports

SOC 2 TYPE 2 REPORTSData Flow Diagram (DFD)
SOC 2 TYPE 2 REPORTSNetwork Diagram
SOC 2 TYPE 2 REPORTSSOC 2 Report
SOC 2 TYPE 2 REPORTSSOC 3 Report
REGULATORY COMPLIANCE AND STANDARDSCSA STAR
REGULATORY COMPLIANCE AND STANDARDSPCI DSS
REGULATORY COMPLIANCE AND STANDARDSSOC 2 Type 2
REGULATORY COMPLIANCE AND STANDARDSSOC 3
REGULATORY COMPLIANCE AND STANDARDSTX-RAMP
PRODUCT SECURITYData Security
DATA SECURITYData Encryption in Transit and at Rest
APPLICATION SECURITYApplication Penetration Testing

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Critical DependenceNo
View more

Product Security

Audit Logging
Data Security
Integrations
View more

SOC 2 Type 2 Reports

Data Flow Diagram (DFD)
Network Diagram
Pentest Report
View more

Data Security

Access Monitoring
Data Backups Enabled
Data Encryption in Transit and at Rest
View more

Application Security

Application Penetration Testing
Software Security
Vulnerability Management
View more

Legal and Data Privacy

Sub-processors
Cookie Notice
Global Data Privacy Frameworks
View more

Access Control

Employee Access Management
Logging
Password Security

Infrastructure and Cloud Security

Status Monitoring
Business Continuity and Disaster Recovery
Infrastructure Security
View more

Network Security

Attack Prevention and Mitigation
Firewall
Network Penetration Testing
View more

Corporate Security

Employee Training
HR Security
Incident Response
View more
Built onSafeBase by Drata Logo