XiaoKL

Security.ssl-pinning

SSL Pinning

 

1. What's SSL Pinning?

"SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate.

Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates

that the server’s certificate exactly matches the bundle’s certificate. " Ref[1]

 

"The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol.

This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication

challenge and either proceed or fail." Ref[1]

 

2. SSL Pinning in AFNetworking 

Ref[9], Ref[8] 

 

 

 


Reference

1. SSL Pinning for Increased App Security (Read Again) (AAAA)

https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/

2. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

3. ANDROID SSL PINNING USING OKHTTP

https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616

4. SSL Pinning in UWP Apps

http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/

5. Exploring SSL Pinning on iOS

https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/

6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.

https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/

7. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

8. About Public Key Pinning (To Read)

https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

https://security.stackexchange.com/questions/29988/what-is-certificate-pinning

9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)

http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html

10. How to make your iOS apps more secure with SSL pinning (To Read)

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

11. Certificate and Public Key Pinning (To Read)

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

12. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

13. Certificate Pinning in a Mobile Application

https://blog.netspi.com/certificate-pinning-in-a-mobile-application/

14. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

15. 验证 HTTPS 请求的证书(五)

https://draveness.me/afnetworking5

16. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

17. Prevent bypassing of SSL certificate pinning in iOS applications

https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing

18. SSL pinning in iOS - Swift edition

https://infinum.co/the-capsized-eight/ssl-pinning-revisited

 

posted on 2018-03-14 20:58  XiaoKL  阅读(287)  评论(0编辑  收藏  举报

导航