Security.ssl-pinning
SSL Pinning
1. What's SSL Pinning?
"SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate.
Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates
that the server’s certificate exactly matches the bundle’s certificate. " Ref[1]
"The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol.
This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication
challenge and either proceed or fail." Ref[1]
2. SSL Pinning in AFNetworking
Ref[9], Ref[8]
Reference
1. SSL Pinning for Increased App Security (Read Again) (AAAA)
https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/
2. How to make your iOS apps more secure with SSL pinning
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
3. ANDROID SSL PINNING USING OKHTTP
https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616
4. SSL Pinning in UWP Apps
http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/
5. Exploring SSL Pinning on iOS
https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/
6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.
https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/
7. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
8. About Public Key Pinning (To Read)
https://noncombatant.org/2015/05/01/about-http-public-key-pinning/
https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)
http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html
10. How to make your iOS apps more secure with SSL pinning (To Read)
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
11. Certificate and Public Key Pinning (To Read)
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
12. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
13. Certificate Pinning in a Mobile Application
https://blog.netspi.com/certificate-pinning-in-a-mobile-application/
14. How to make your iOS apps more secure with SSL pinning
https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
15. 验证 HTTPS 请求的证书(五)
https://draveness.me/afnetworking5
16. Android Security: SSL Pinning
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
17. Prevent bypassing of SSL certificate pinning in iOS applications
https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing
18. SSL pinning in iOS - Swift edition
https://infinum.co/the-capsized-eight/ssl-pinning-revisited
Security.ssl-pinning的更多相关文章
- 如何使用SSL pinning来使你的iOS APP更加安全
SSL pinning在构建一个高度安全的移动APP上扮演了一个十分重要的角色.然而如今好多用户在使用无线移动设备去访问无数不安全的无线网络. 这篇文章主要覆盖了SSL pinning 技术,来帮助我 ...
- iOS SSL Pinning 保护你的 API
随着互联网的发展,网站全面 https 化已经越来越被重视,做为 App 开发人员,从一开始就让 API 都走 SSL 也是十分必要的.但是光这样就足够了吗? SSL 可以保护线上 API 数据不被篡 ...
- SSLPinning简介,使用Xposed+JustTrustMe来突破SSL Pinning
0x00 前面 如果你是一干Web安全的,当你在测试目前大多数的手机APP应用程序时,你一定遇到过burpsuite无法抓到数据包的情况,开始你以为只是https的问题,但是当你使用了burpsuit ...
- 解决 java 使用ssl过程中出现"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
今天,封装HttpClient使用ssl时报一下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExc ...
- javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificatio
场景:Java调用PHP接口,代码部署在服务器上后,调用报错,显示PHP服务器那边证书我这边服务器不信任(我猜的). 异常信息: 2019-08-06 14:00:09,102 [http-nio-4 ...
- 异常信息:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
上周五遇到一个问题,工程本地编译运行正常,打包本地tomcat运行也正常.部署到测试环境报错: 2017-05-05 09:38:11.645 ERROR [HttpPoolClientsUtil.j ...
- 处理Https 异常记录 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
http://blog.csdn.net/baidu_18607183/article/details/51595330 https://blogs.oracle.com/java-platform- ...
- JAVA_javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
tomcat访问https请求返回: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name at sun.se ...
- SSL handshake alert: unrecognized_name error since upgrade to Java 1.7
今天将jdk从1.6升级到1.7,但是HttpUrlConnection连接https出现问题了. javax.net.ssl.SSLProtocolException: handshake aler ...
随机推荐
- Bootstrap treeview增加或者删除节点
参考(AddNode: http://blog.csdn.net/qq_25628235/article/details/51719917,deleteNode:http://blog.csdn.ne ...
- 系统设计与架构笔记:ETL工具开发和设计的建议
最近项目组里想做一个ETL数据抽取工具,这是一个研发项目,但是感觉公司并不是特别重视,不重视不是代表它不重要,而是可能不会对这个项目要求太高,能满足我们公司的小需求就行,想从这个项目里衍生出更多的东西 ...
- 警惕 MySql 更新 sql 的 WHERE 从句中的 IN() 子查询时出现的性能陷阱
警惕 MySql 更新 sql 的 WHERE 从句中的 IN() 子查询时出现的性能陷阱 以下文章来源:https://blog.csdn.net/defonds/article/details/4 ...
- 如何监控Redis性能指标(译)
Redis给人的印象是简单.很快,但是不代表它不需要关注它的性能指标,此文简单地介绍了一部分Redis性能指标.翻译过程中加入了自己延伸的一些疑问信息,仍然还有一些东西没有完全弄明白.原文中Metri ...
- Spring再接触 集合注入
beans.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="htt ...
- 前端面试之Javascript
1,JS基本的数据类型和引用类型: (1)基本数据类型:number,string,null,undefined,symbol--栈: (2)引用数据类型:object,array,function- ...
- mysql学习一 常用语句
操作系统为windows 1 启动关闭mysql服务 //windows mysqld --console //开启mysql服务 mysqladmin -uroot shutdown //关闭my ...
- Centos6.3下搭建apache+https服务
1. 安装插件 yum install mod_ssl openssl openssl-devel --downloadonly --downloaddir=/home/https 2.生成私钥 op ...
- 机器学习--Xgboost调参
Xgboost参数 'booster':'gbtree', 'objective': 'multi:softmax', 多分类的问题 'num_class':10, 类别数,与 multisoftma ...
- npm 命令
npm instal moduleName [-g] :安装模块,有 -g 或 --global 是全局安装 npm install -g cnpm --registry=https://regis ...