diff --git a/CHANGELOG.md b/CHANGELOG.md index 3151732d6..59a08e90e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Docs: `preloadRef` method for the `Slice` type: PR [#1044](https://github.com/tact-lang/tact/pull/1044) - Docs: added DeDust cookbook: PR [#954](https://github.com/tact-lang/tact/pull/954) - Docs: described the limit for deeply nested expressions: PR [#1101](https://github.com/tact-lang/tact/pull/1101) +- Docs: added a link to the article by CertiK to Security best practices page: PR [#1185](https://github.com/tact-lang/tact/pull/1185) ### Changed diff --git a/docs/src/content/docs/book/security-best-practices.mdx b/docs/src/content/docs/book/security-best-practices.mdx index acd2a2d7e..b412e6975 100644 --- a/docs/src/content/docs/book/security-best-practices.mdx +++ b/docs/src/content/docs/book/security-best-practices.mdx @@ -13,6 +13,8 @@ For a deeper understanding, refer to the following resources: * [Secure Smart Contract Programming in TON Docs](https://docs.ton.org/v3/guidelines/smart-contracts/security/secure-programming) * [FunC Security Best Practices in GitHub repo](https://github.com/slowmist/Toncoin-Smart-Contract-Security-Best-Practices/blob/main/README.md) +In addition, consider reading the detailed article by CertiK, a Web3 smart contract auditor: [Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem](https://www.certik.com/resources/blog/secure-smart-contract-programming-in-tact-popular-mistakes-in-the-ton). + ## Send sensitive data on-chain The entire smart contract computation is transparent, and if you had some confidential values at run-time, they could be retrieved with a simple emulation.
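Review bot: In the CHANGELOG.md hunk, the added entry is hard to parse because it chains two "to" phrases and drops an article: "added a link to the article by CertiK to Security best practices page". Suggest rewording to "Docs: added a link to the CertiK article on the Security best practices page", keeping the PR reference as it is.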
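Review bot: In the docs/src/content/docs/book/security-best-practices.mdx hunk, the CertiK link is added as a standalone paragraph immediately after the bullet list introduced by "refer to the following resources:", so the same kind of reference is now presented in two different ways. Consider making it a third list item in the existing `*` list. If the separate paragraph is deliberate because this article is Tact-specific while the two list items cover TON Docs and FunC, the sentence could say that instead of the generic "In addition, consider reading".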