Add security audit June 2020 (#702)

* add security audit june 2020

* remove .DS_Store files

* Update README.md

Co-authored-by: Mark Fussell <mfussell@microsoft.com>

concepts/security/README.md

@@ -11,6 +11,7 @@ This article addresses multiple security considerations when using Dapr in a dis
 - [State Store Security](#state-store-security)
 - [Management Security](#management-security)
 - [Threat Model](#threat-model)
+- [Security Audit June 2020](#security-audit-june-2020)
 
 Several of the areas above are addressed through encryption of data in transit. One of the security mechanisms that Dapr employs for encrypting data in transit is [mutual authentication TLS](https://en.wikipedia.org/wiki/Mutual_authentication) or mTLS. mTLS offers a few key features for network traffic inside your application:
 
@@ -110,3 +111,25 @@ When deploying on Azure Kubernetes Service (AKS), you can use [Azure Active Dire
 Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized. The Dapr threat model is below.
 
 ![Threat Model](../../images/threat_model.png)
+
+## Security Audit June 2020
+
+In June 2020, Dapr has undergone a security audit from Cure53, a CNCF approved cybersecurity firm.
+The test focused on the following:
+
+* Dapr runtime code base evaluation
+* Dapr components code base evaluation
+* Dapr CLI code base evaluation
+* Privilege escalation
+* Traffic spoofing
+* Secrets management
+* RBAC
+* Validating base assumptions: mTLS, scopes, API authentication
+* Orchestration hardening (Kubernetes)
+* DoS attacks
+* Penetration testing
+
+The full report can be found [here](./audits/DAP-01-report.pdf).
+
+Two issues, one critical and one high, were fixed during the test.
+As of July 21st 2020, Dapr has 0 criticals, 2 highs, 2 mediums, 1 low, 1 info.