Security.ssl-pinning
SSL Pinning
1. What's SSL Pinning?
"SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate.
Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates
that the server’s certificate exactly matches the bundle’s certificate." Ref[1]
"The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol.
This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication
challenge and either proceed or fail." Ref[1]
2. SSL Pinning in AFNetworking
Ref[9], Ref[8]
Reference
1. SSL Pinning for Increased App Security (Read Again) (AAAA)
https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/
2. How to make your iOS apps more secure with SSL pinning
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
3. ANDROID SSL PINNING USING OKHTTP
https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616
4. SSL Pinning in UWP Apps
http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/
5. Exploring SSL Pinning on iOS
https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/
6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.
https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/
7. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
8. About Public Key Pinning (To Read)
https://noncombatant.org/2015/05/01/about-http-public-key-pinning/
https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)
http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html
10. How to make your iOS apps more secure with SSL pinning (To Read)
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
11. Certificate and Public Key Pinning (To Read)
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
12. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
13. Certificate Pinning in a Mobile Application
https://blog.netspi.com/certificate-pinning-in-a-mobile-application/
14. How to make your iOS apps more secure with SSL pinning
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
15. Verifying the Certificate of an HTTPS Request (Part 5)
https://draveness.me/afnetworking5
16. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
17. Prevent bypassing of SSL certificate pinning in iOS applications
https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing
18. SSL pinning in iOS - Swift edition
https://infinum.co/the-capsized-eight/ssl-pinning-revisited