31st
Oct
Oct
codesplice recently ran a Lunchtime Learning session at spacecubed on Certificate Pinning. This was fairly well received, and I'll be looking to do more of these in future.
For the uninitiated, Certificate Pinning (or SSL pinning) is a technique that can be used to protect against SSL Man in the Middle attacks. Essentially your app is configured to ignore the OS trusted Certificate Authorities, and only trust a specific CA or Certificate. Often only the public key is pinned to allow for certificate regeneration.
This is part of a broader recent focus on mobile app security - we feel this is an area many apps can improve in, so keep an eye out for more events in this space.