To pin or not to pin: an introduction into SSL pinning for Android & iOS, presented at BSides Amsterdam 2017

by Jeroen Willemsen

Summary: Should you pin? And if so, on what? On the certificate? On the public key? Should you follow HTTP Public Key Pinning? And to which certificate: leaf, intermediate or root? And how can you easily do this with Android and iOS? In this talk we will briefly go through the highlights of pinning on mobile and, if you do it, how you can best apply it.