As we create a website/application to run on a server and pin a certificate into the code, we always connect to that server securely. There are three things that the client and server must agree upon:
(1) How will keys be exchanged?
(2) How will data be encrypted?
(3) How will messages be marked as authentic?
But what if someone intercepts the communication and serves a different website, it then becomes difficult to differentiate from the original one. It is the shady certificate, termed as a man-in-the-middle attack. Another one is DNS poisoning. Your client-side code will validate it even after serving a different domain – easy spoofing. You're able to communicate with the attacker, who blocked the communication with the server and checked all the data. Let’s find out more about SSL pinning basics!
Carrying-Out SSL Pinning in iOS Apps
0
Zupyak is the world’s largest content marketing community, with over
400 000 members and 3 million articles. Explore and get your content
discovered.
Read more
Press enter to search