diff --git a/doc/configure_instance.rst b/doc/configure_instance.rst index fe19cd6619a46e673818c0decf71d406af480d4b..3d76978a8c3a4cf9939a3b7d1fad3eca1066feb5 100644 --- a/doc/configure_instance.rst +++ b/doc/configure_instance.rst @@ -173,8 +173,9 @@ A profiles can be "Single cell" "Metagenomic", "Web development", ... There can .. warning:: Deleting a profile would result in un-associating all existing candidate to this profile without notifying them. To prevent mis-deletion, this possibility is not possible through the recruitment management interface. It is only possible in the admin interface https://strass-master.dev.pasteur.cloud/admin/strass_app/profile/, and only for superusers. +.. _language override module: -Using STRASS for a workshop +Using STRASS for a workshop (a.k.a the Language override module) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you use STRASS to recruit students for a workshop, the term `Profile` does not suite the need and you probably want to rename it to `Workshop` for example. Here is how to do it: diff --git a/doc/jm_documentation.rst b/doc/jm_documentation.rst index e966b38b70303a39a5d0571db3be1877364177aa..acf72257a37998d3f2724aacc4e36bf14e36d7a9 100644 --- a/doc/jm_documentation.rst +++ b/doc/jm_documentation.rst @@ -12,4 +12,5 @@ Jury Manager Doc reviewer_assignation mass_mailing question_system - overall_score_system \ No newline at end of file + overall_score_system + security_feature \ No newline at end of file diff --git a/doc/security_feature.rst b/doc/security_feature.rst new file mode 100644 index 0000000000000000000000000000000000000000..6433cd879acc858cdcea2b57bc114c619214c560 --- /dev/null +++ b/doc/security_feature.rst 
@@ -0,0 +1,29 @@ +.. note:: + **Audience:** Jury Manager to adapt, all for information. + +.. _Overall score: + +Security considerations and features +=============================================================================== + +The application is thoroughly tested with 100% test coverage, ensuring that every part of the application and every scenario is tested. Before testing all scenarios, all role-based permissions and controls are tested separately, with a required coverage of 100%, ensuring that this key feature is well tested. + +The application's source code is hosted on GitLab, a software forge. Continuous integration has been set up to test the application at each commit. Unit tests act as a safeguard, preventing new versions from being deployed if they introduce regressions. Reducing test coverage is also prohibited for the master branch and production instances. + +The application runs in a "hardened" Docker container. This means that several security measures have been implemented to prevent code injection and ensure stability. The source code is set to read-only within the container, preventing unauthorized modifications or tampering. Additionally, it runs as a non-root user, limiting access to critical system resources and preventing unauthorized modifications or tampering with the system and sources. As a consequence, patching the application during execution is impossible, changes must be committed to the source repository where authorship is unquestionable and changes are thoroughly tested. + +These combined measures provide a secure and stable environment for our users. + +Protection from attacks using PDF +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A CV can be provided in a PDF file. This file format comes with features that can be exploited to attack the application, such as stealing session cookies or extracting application content. 
To prevent this, all executable code is stripped out from uploaded PDF files. + +Uploading a CV in PDF file can be disabled in https://strass-master.dev.pasteur.cloud/setup/#candidate-settings. If disabled, you may need to adapt the introduction text presented to applicants on how to apply. This text is visible at https://strass-master.dev.pasteur.cloud/candidate/apply/Intro/. To do so, use the :ref:`Language override module <language override module>`. + +Protection from attacks using Markdown +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Markdown is used to format motivation letters, calls, and more. This standard is exposed to JavaScript or CSS injection from attackers. A strict whitelist approach has been adopted, preventing almost all use of HTML within Markdown. + +Markdown can be disabled for the entire application in https://strass-master.dev.pasteur.cloud/setup/#misc-settings. If disabled, all content is escaped, and line breaks are replaced by ``<br>``.
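Review bot: in the renamed heading in configure_instance.rst, ``(a.k.a the Language override module)`` should read ``a.k.a.`` with the closing period. Placing the ``.. _language override module:`` target directly above the title is the right way to make the section referenceable, and the ``:ref:`Language override module <language override module>``` used in security_feature.rst matches it (docutils normalises target names to lowercase with collapsed whitespace), so the link should resolve; just confirm a blank line separates the target from the title, which the collapsed rendering of this hunk does not show. The reused underline is longer than the new title, which RST accepts.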
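Review bot: the new ``security_feature`` toctree entry in jm_documentation.rst is the correct place for the page, but the file still ends without a trailing newline (``\ No newline at end of file`` appears on both sides of the hunk); add one so the next entry appended here does not produce a noisy diff and so tools that expect POSIX text files stop complaining.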
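Review bot: the target ``.. _Overall score:`` placed above the ``Security considerations and features`` title in the new security_feature.rst looks copied from the overall-score document that sits beside it in the toctree; if that file defines the same label, Sphinx will warn about a duplicate label and any ``:ref:`` to ``Overall score`` may land on this page instead, so rename it to something like ``.. _Security features:``. Two documentation points on the security claims: "all executable code is stripped out from uploaded PDF files" should name the sanitisation step and state what it removes (JavaScript only, or also forms, launch actions and embedded files), because an operator deciding whether to leave PDF upload enabled needs to know the residual risk; likewise "preventing almost all use of HTML within Markdown" should list the allowed tags and attributes and say whether link URL schemes are restricted. The coverage paragraph also overstates what 100% line coverage proves: it shows every line was executed, not that "every scenario is tested", so that wording should be softened. Minor: "Uploading a CV in PDF file" should read "as a PDF file", and the audience line "Jury Manager to adapt, all for information" reads better as "Jury Manager (to adapt); everyone else (for information)".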