website/docs: fix 2 links to cobalt retesting pdf #12895

Merged
merged 2 commits into from
Jan 30, 2025
4 changes: 2 additions & 2 deletions website/docs/security/audits-and-certs/2024-11-cobalt.md
Expand Up @@ -2,7 +2,7 @@

We are committed to engaging in regular pentesting and security audits of authentik. Defining and adhering to a cadence of external testing ensures a stronger probability that our code base, our features, and our architecture is as secure and non-exploitable as possible.

In August-September of 2024, we had a pentest conducted by [Cobalt](https://www.cobalt.io). This document covers the findings of the audit, how we addressed the noted issues, and the subsequent [re-testing](https://github.com/goauthentik/website/src/resources/final_fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf) by Cobalt to confirm that all issues were resolved.
In August-September of 2024, we had a pentest conducted by [Cobalt](https://www.cobalt.io). This document covers the findings of the audit, how we addressed the noted issues, and the subsequent [re-testing](https://goauthentik.io/resources/fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf) by Cobalt to confirm that all issues were resolved.

Cobalt described their process for testing:
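
Review bot: The replacement URL in the re-testing link changes the filename as well as the host: the old target ended in `final_fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf` and the new one drops the `final_` prefix. Please confirm that the file published under goauthentik.io/resources has exactly this name and is the post-retest version of the report, since this sentence offers it as the evidence that all issues were resolved. It would help to note in the PR description that the rename is intentional and that the new link was checked to resolve.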

Expand Down Expand Up @@ -58,6 +58,6 @@ The absence of Content Security Policy (CSP) headers means that the application

## Retest results

The subsequent retest conducted by Cobalt deemed all issues resolved. See page 17 of the [report](https://github.com/goauthentik/website/src/resources/final_fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf) for the mitigation status ("fixed") for each of the issues discovered in September.
The subsequent retest conducted by Cobalt deemed all issues resolved. See page 17 of the [report](https://goauthentik.io/resources/fullReport_authentik-cobalt-test-instance-august-2024-pt26135.pdf) for the mitigation status ("fixed") for each of the issues discovered in September.

We are pleased to share this pentest and the final results of the retest. We encourage an open and ongoing communication with our users and community. For more information abut our security stance, read our [Security Policy](https://docs.goauthentik.io/docs/security/policy), [Hardening authentik](https://docs.goauthentik.io/docs/security/security-hardening), and our other [security-related documentation](https://docs.goauthentik.io/docs/security). If you have any questions or feedback you can reach us on [GitHub](https://github.com/goauthentik/authentik), [Discord](https://discord.com/channels/809154715984199690/809154716507963434), or via email to [hello@goauthentik.io](mailto:hello@goauthentik.io).
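
Review bot: The "Retest results" paragraph hard-codes the same absolute PDF URL a second time, so the two links have to be kept in sync by hand; consider one reference-style link definition at the bottom of the file that both the re-testing link and this report link point to. Since the text sends readers to page 17 for the "fixed" status, also check that the page number still matches the file now linked. While this file is open, the closing paragraph has a typo in the unchanged context ("abut our security stance" should read "about") that could be fixed in the same change.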