NowSecure

We deliver mobile app security testing, incident response, and compliance solutions.

certificate pinning

certificate pinning and hostname verification

Certificate Pinning and Hostname Verification: Don’t Get Pinned by a Mobile Man-In-The-Middle Attack

Recent news stories have brought attention to a research paper (“Spinner: Semi-Automatic Detection of Pinning without Hostname Verification”) published this week highlighting man-in-the-middle (MITM) vulnerabilities in a number of public mobile apps. The vulnerability springs from a failure to validate that the hostname on the certificate matches the actual host to which an app connects.

Read Now >

Certificate pinning for Android & iOS: Man-in-the-Middle Attack Prevention

Certificate pinning for Android and iOS: Mobile man-in-the-middle attack prevention

Implementing certificate pinning in mobile apps that handle highly sensitive data provides too much benefit to be passed over. Users can be tricked into installing a malicious self-signed certificate on a mobile device, setting the stage for a man-in-the-middle attack.  In those situations, certificate pinning can still prevent the interception of an app’s network traffic.

Read Now >

PRIVACY DISCLOSURE: NowSecure uses first party and third party cookies to provide functions of this website and our services, to uniquely identify visitors, to analyze use of our website, and to target our marketing. You can choose to block cookies using your browser settings. By continuing to use our website or services you indicate your agreement. To learn more about the cookies we use and how we may collect and use your personal data, visit our Privacy Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close