Certificate Pinning – Page 7

Defeat iOS Certificate Pinning by replacing the hardcoded certificate in the executable?

Posted on March 23, 2019 by scugn1zz0

I’m analysing an iOS application and its communications through Charles.
I have access to most of SSL communications but not all, due to certificate pinning.

I know that there are many different ways for defeating certificat… Continue reading Defeat iOS Certificate Pinning by replacing the hardcoded certificate in the executable?→

More clarity on Certificate, public key, hash

Posted on January 31, 2019 by Ramcharan Reddy

I’m new to this certificate and public keys. So I’ve a certificate. I exported as .pem. I opened it in textEdit and it looks like the below.

I’ve used below command to see what this certificate contains.

openssl x509 -inf… Continue reading More clarity on Certificate, public key, hash→

Proxying an Android app protected with certificate sign request with Burp Suite

Posted on January 21, 2019 by wintergrascph

I’d like to proxy an Android application with Burp Suite. The application uses certificate pinning via OkHttp3. I solved this by modifying the source code, now the application accepts the certificates generated by Burp Suite’… Continue reading Proxying an Android app protected with certificate sign request with Burp Suite→

Mutual SSL for clients of SaaS cloud service

Posted on December 11, 2018 by xsreality

My company is launching cloud based SaaS service. There will be clients from different tenants connecting to our services via mutual SSL.

The clients would use a library provided by us to connect to the service. This Java based library w… Continue reading Mutual SSL for clients of SaaS cloud service→

Best Practice to implement Pinning SSL

Posted on November 17, 2018 by Kain

In my app I am implementing Asymmetric encryption, thus obtaining a private key and a public key.

The two keys are used to encrypt and decrypt messages exchanged between two users in chat

Now I would like to save the privat… Continue reading Best Practice to implement Pinning SSL→

DJI Patches Forum Bug That Allowed Drone Account Takeovers

Posted on November 8, 2018 by Tom Spring

Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. Continue reading DJI Patches Forum Bug That Allowed Drone Account Takeovers→

Common Security Mistakes when Developing Swift Applications – Part I

Posted on October 21, 2018 by Paulo Silva

Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris Lattner and many othe… Continue reading Common Security Mistakes when Developing Swift Applications – Part I→

Does a public key stay the same when a certificate is renewed? [duplicate]

Posted on September 25, 2018 by Michael Long

This question already has an answer here:

X.509 certificate renew vs. rekey

2 answers

New certificate but what about the ke… Continue reading Does a public key stay the same when a certificate is renewed? [duplicate]→

Configuration for Windows account mapped to IIS certificate authorization

Posted on September 11, 2018 by Juan

I need to connect two servers in different locations in order for one of them (Linux stack) issues HTTP periodic requests to the other (Windows stack) using cron based jobs.

On the Windows machine, I am going to set up an II… Continue reading Configuration for Windows account mapped to IIS certificate authorization→

Token Binding vs SSL Pinning vs Mutual TLS?

Posted on August 22, 2018 by SecQuestionnA

Would love to understand more the differences and where should I use each

Continue reading Token Binding vs SSL Pinning vs Mutual TLS?→