From 5a1984d97e83471dbc72e67e5a0fbdcdbebb96ba Mon Sep 17 00:00:00 2001
From: M5oul <moul@moul.re>
Date: Tue, 6 Sep 2016 13:26:16 +0200
Subject: [PATCH] Pentest documentation (#388)

* [enh] security: add pentests links.

* [enh] security: pentests: better presentation.
---
 security.md    | 8 ++++++++
 security_fr.md | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/security.md b/security.md
index 372b1a03..597b55bb 100644
--- a/security.md
+++ b/security.md
@@ -113,3 +113,11 @@ YunoHost administration is accessible through an **HTTP API**, served on the 678
 ```bash
 sudo service yunohost-api stop
 ```
+
+### YunoHost penetration test
+
+Some [pentests](https://en.wikipedia.org/wiki/Penetration_test) have been done on a YunoHost 2.4 instance (french):
+
+- [1) Preparation](https://blog.exadot.fr/2016/07/03/pentest-dune-instance-yunohost-1-preparation)
+- [2) The functionning](https://blog.exadot.fr/2016/07/12/pentest-dune-instance-yunohost-2-le-fonctionnement)
+- [3) Black Box Audit](https://blog.exadot.fr/2016/08/26/pentest-dune-instance-yunohost-3-audit-en-black-box)
diff --git a/security_fr.md b/security_fr.md
index e7920755..14b85ae7 100644
--- a/security_fr.md
+++ b/security_fr.md
@@ -121,3 +121,11 @@ YunoHost est administrable via une **API HTTP**, servie sur le port 6787 par dé
 ```bash
 sudo service yunohost-api stop
 ```
+
+### Tests d’intrusion de YunoHost
+
+Des [pentests](https://fr.wikipedia.org/wiki/pentest) ont été effectués sur une instance de YunoHost 2.4 :
+
+- [1) Préparation](https://blog.exadot.fr/2016/07/03/pentest-dune-instance-yunohost-1-preparation)
+- [2) Le fonctionnement](https://blog.exadot.fr/2016/07/12/pentest-dune-instance-yunohost-2-le-fonctionnement)
+- [3) Audit en Black Box](https://blog.exadot.fr/2016/08/26/pentest-dune-instance-yunohost-3-audit-en-black-box)