What is SSL pinning?

iOS Engineer, Marty Burolla, gives us the 4-1-1 on SSL Pinning, but not before he gives us a helpful rundown on the importance of secure web connections.

New to development or a pro who needs help? Just tweet your question to #AskADev. We’ll pick the best ones and have a developer answer them.

Comments

A picture is worth a thousand words. What's the use of this being uploaded as a video? It could have been done with just audio, as there are no drawings, pictures or animations. The brief given is good, but somebody without a background in security needs to listen at least a few times to clear up the concept.

usmanf

I have a question: So you said that we compare the public key from the server with the key we pinned on the client. What if an attacker just grabs the public key from the server and uses this on his own fake server to pretend it is the correct server?

renatostauffer

I'll mark a like, because the explanation is rather good, with perfect English. But it's much, much better to describe all those things with schemes and graphs. I've listened to the video twice, and will still go to Google...

andriibogachenko

Is there any way of doing SSL pinning where we can make changes on the server side only, without making any changes in the app, so that we don't need to release the app with a new certificate on the store when the certificate is expired?

thechirpy_wanderer

What if a hacker decompiles the APK and gets the public key and all the API URLs? Will the hacker then be allowed to connect to our server with his own app or not?

gopalsingh

Thanks, this video helped me. I needed a good way to explain what certificate pinning is, and why you should do it.

nonnels

This guy around 0:35 says that "it uses RSA to key exchange" and "SHA1 to sign messages". This is why you don't ask a Dev for crypto.

helterskelter

Can you also share some information on OS-level SSL pinning, instead of inside the APK or alike, which is considered app level? Also things like CRS and Secure Element in the context of SSL pinning.

mitenmehta

Which method is the most secure of all three: public key, certificate or SPKI...

dilippatil

What will happen if the pinned key and the server-side key don't match?
In my case the API call is successful if the keys don't match.

sanjujohn

Could you please provide an example for Android?

dilippatil

What is the use of a CSRF token, and what is a CSRF attack?

tejal

I don't get how cert pinning protects against MITM if the cert is indeed stolen?

rramani

How do I implement HTTP public key pinning in JSP response.setHeader()?

Dhanapatimahato

Speaker: What to do with my hands? What to do with my hands...

hipiri