Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

When Security Gets in the Way - Pen Testing Apps That Use Certificate Pinning

Black Hat via YouTube

Overview

Explore a conference talk from Black Hat USA 2012 that delves into the challenges of penetration testing mobile applications using certificate pinning. Learn about the increasing adoption of SSL certificate pinning by popular apps like Chrome, Twitter, and card.io to enhance network communication security. Discover how this technique authenticates servers without relying on device trust stores, and understand its impact on black-box testing. Gain insights into innovative tools developed for both Android and iOS platforms that enable testers to bypass certificate pinning. Examine the iOS Mobile Substrate "tweak" for run-time SSL function hooking and the custom JDWP debugger for Android API hooking. Understand the techniques used to create these tools, common use case scenarios, and witness live demonstrations of their capabilities in overcoming security obstacles during penetration testing.

Syllabus

Black Hat USA 2012 - When Security Gets in the Way: Pen Testing Apps that use Certificate Pinning

Taught by

Black Hat

Reviews

Start your review of When Security Gets in the Way - Pen Testing Apps That Use Certificate Pinning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.