zoukankan      html  css  js  c++  java

  • Security.ssl-pinning

    SSL Pinning

    1. What's SSL Pinning?

    "SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate.

    Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates

    that the server’s certificate exactly matches the bundle’s certificate. " Ref[1]

    "The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol.

    This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication

    challenge and either proceed or fail." Ref[1]

    2. SSL Pinning in AFNetworking 

    Ref[9], Ref[8] 

    Reference

    1. SSL Pinning for Increased App Security (Read Again) (AAAA)

    https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/

    2. How to make your iOS apps more secure with SSL pinning

    https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

    3. ANDROID SSL PINNING USING OKHTTP

    https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616

    4. SSL Pinning in UWP Apps

    http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/

    5. Exploring SSL Pinning on iOS

    https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/

    6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.

    https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/

    7. Android Security: SSL Pinning

    https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

    8. About Public Key Pinning (To Read)

    https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

    https://security.stackexchange.com/questions/29988/what-is-certificate-pinning

    9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)

    http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html

    10. How to make your iOS apps more secure with SSL pinning (To Read)

    https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

    11. Certificate and Public Key Pinning (To Read)

    https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

    12. Android Security: SSL Pinning

    https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

    13. Certificate Pinning in a Mobile Application

    https://blog.netspi.com/certificate-pinning-in-a-mobile-application/

    14. How to make your iOS apps more secure with SSL pinning

    https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

    15. 验证 HTTPS 请求的证书(五)

    https://draveness.me/afnetworking5

    16. Android Security: SSL Pinning

    https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

    17. Prevent bypassing of SSL certificate pinning in iOS applications

    https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing

    18. SSL pinning in iOS - Swift edition

    https://infinum.co/the-capsized-eight/ssl-pinning-revisited
  • 相关阅读:
    shell 基本系统命令,关机重启,查看版本,查手册,日期,磁盘,历史命令
    shell 命令 文件查看ls,复制cp,移动mv,查看文件内容cat more less,查看文件信息 file
    luoguP1850 换教室
    bzoj2091: [Poi2010]The Minima Game DP
    luoguP1281 书的复制 DP,贪心
    loj6068. 「2017 山东一轮集训 Day4」棋盘 二分图,网络流
    bzoj1133: [POI2009]Kon
    luogu3426 [POI2005]SZA-Template 后缀树
    loj#2483. 「CEOI2017」Building Bridges 斜率优化 cdq分治
    loj2353. 「NOI2007」 货币兑换
  • 原文地址:https://www.cnblogs.com/cwgk/p/6941419.html
Copyright © 2011-2022 走看看