Add blogpost about pentest

monal-im · Apr 15, 2024 · e193127 · e193127
1 parent f95f639
commit e193127
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/content/post/00011-security-audit-1/index.md b/content/post/00011-security-audit-1/index.md
@@ -0,0 +1,21 @@
+---
+title: "ROS Security Audit"
+date: 2024-04-15
+resources:
+- src: "pentest_1.pdf"
+  title: "Monal IM penetration test report 2024 1.0"
+  params:
+    icon: pdf
+
+tags: []
+author: "Thilo Molitor"
+---
+
+<a href="https://www.radicallyopensecurity.com/">Radically Open Security (ROS)</a> kindly performed a security audit of some parts of Monal.  
+Specifically they audited the usage of our XML query language and the implementations of <a href="https://xmpp.org/extensions/xep-0388.html">SASL2</a>, <a href="https://datatracker.ietf.org/doc/html/rfc5802">SCRAM</a> and <a href="https://xmpp.org/extensions/xep-0474.html">SSDP</a>.
+
+**The results in a nutshell: *no security issues* found, read the full report here:**
+
+{{ with .Resources.GetMatch "pentest_1.pdf" }}
+  <a href="{{ .RelPermalink }}">{{ .Title }}</a>.
+{{ end }}
diff --git a/content/post/00011-security-audit-1/pentest_1.pdf b/content/post/00011-security-audit-1/pentest_1.pdf