SSL Pinning

1. What's SSL Pinning?

"SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate.

Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates

that the server’s certificate exactly matches the bundle’s certificate. " Ref[1]

"The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol.

This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication

challenge and either proceed or fail." Ref[1]

2. SSL Pinning in AFNetworking

Ref[9], Ref[8]

Reference

1. SSL Pinning for Increased App Security (Read Again) (AAAA)

https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/

2. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

3. ANDROID SSL PINNING USING OKHTTP

https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616

4. SSL Pinning in UWP Apps

http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/

5. Exploring SSL Pinning on iOS

https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/

6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.

https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/

7. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

8. About Public Key Pinning (To Read)

https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

https://security.stackexchange.com/questions/29988/what-is-certificate-pinning

9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)

http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html

10. How to make your iOS apps more secure with SSL pinning (To Read)

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

11. Certificate and Public Key Pinning (To Read)

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

12. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

13. Certificate Pinning in a Mobile Application

https://blog.netspi.com/certificate-pinning-in-a-mobile-application/

14. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

15. 验证 HTTPS 请求的证书(五)

https://draveness.me/afnetworking5

16. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

17. Prevent bypassing of SSL certificate pinning in iOS applications

https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing

18. SSL pinning in iOS - Swift edition

https://infinum.co/the-capsized-eight/ssl-pinning-revisited

Security.ssl-pinning的更多相关文章

  1. 如何使用SSL pinning来使你的iOS APP更加安全

    SSL pinning在构建一个高度安全的移动APP上扮演了一个十分重要的角色.然而如今好多用户在使用无线移动设备去访问无数不安全的无线网络. 这篇文章主要覆盖了SSL pinning 技术,来帮助我 ...

  2. iOS SSL Pinning 保护你的 API

    随着互联网的发展,网站全面 https 化已经越来越被重视,做为 App 开发人员,从一开始就让 API 都走 SSL 也是十分必要的.但是光这样就足够了吗? SSL 可以保护线上 API 数据不被篡 ...

  3. SSLPinning简介,使用Xposed+JustTrustMe来突破SSL Pinning

    0x00 前面 如果你是一干Web安全的,当你在测试目前大多数的手机APP应用程序时,你一定遇到过burpsuite无法抓到数据包的情况,开始你以为只是https的问题,但是当你使用了burpsuit ...

  4. 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

    今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...

  5. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificatio

    场景:Java调用PHP接口,代码部署在服务器上后,调用报错,显示PHP服务器那边证书我这边服务器不信任(我猜的). 异常信息: 2019-08-06 14:00:09,102 [http-nio-4 ...

  6. 异常信息:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

    上周五遇到一个问题,工程本地编译运行正常,打包本地tomcat运行也正常.部署到测试环境报错: 2017-05-05 09:38:11.645 ERROR [HttpPoolClientsUtil.j ...

  7. 处理Https 异常记录 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

    http://blog.csdn.net/baidu_18607183/article/details/51595330 https://blogs.oracle.com/java-platform- ...

  8. JAVA_javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

    tomcat访问https请求返回: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name at sun.se ...

  9. SSL handshake alert: unrecognized_name error since upgrade to Java 1.7

    今天将jdk从1.6升级到1.7,但是HttpUrlConnection连接https出现问题了. javax.net.ssl.SSLProtocolException: handshake aler ...

随机推荐

  1. thingsboard改造使用mysql数据库

    thingsboard从2.2版本开始,兼容关系型数据库与非关系型数据库共用(关系型数据库保存实体类信息.非关系型数据库cassandra保存遥测数据信息).由于国内偏向使用mysql数据库,而非po ...

  2. (17/24) webpack实战技巧:生产环境和开发环境并行设置,实现来回切换

    1. 概述 生产环境和开发环境所需依赖是不同: --开发依赖:就是开发中用到而发布时用不到的.在package.json里面对应的就是devDependencies下面相关配置. --生产依赖: 就是 ...

  3. maven repository pom

    场景: 如果maven setting.xml 中没指定国内的镜像 可以通过在项目中的pom中指定 指定repository : <properties> <java.version ...

  4. inpu控件接受pipe的处理结果

    input控件绑定的变量,要接受用户的输入值,一般只要使用   [(ngModel)]  就可以. 但是,pipe处理结果如何反映到变量里去呢?不知道吧?嘿嘿 这样就可以了 :  <input ...

  5. board_key.h/board_key.c

    /******************************************************************************* Filename: board_key ...

  6. 移动端ios下H5的:active样式失效的解决方法

    在body上绑定一个touchstart事件,空函数就行: document.body.addEventListener('touchstart', function(){}, false) 或者在b ...

  7. matrix矩阵变换参数图形化详解

  8. python学习Day7 数据类型的转换,字符编码演变历程

    一.数据类型的转换 1.1.1.字符转列表:lst1 = str.split(默认空格,也可依据指定字符分界),若无分界字符,就没法拆分,这时可以直接放进list转成列表 ----> s1 = ...

  9. java课程之团队开发冲刺1.6

    一.总结昨天进度 1.依照视频学习了sqlite,但是由于视频的不完整性导致并不知道代码的实际效果怎么样. 二.遇到的问题 1.依据上一条,在date目录下date文件夹中,的确发现了数据库的文件,但 ...

  10. TODO:BGP 建立过程

    //TODO: Quagga 实时监控配置文件