Stick a Pin in Certificate Pinning - How to Inspect Mobile Traffic and Stop Data Exfiltration

Explore the challenges of inspecting encrypted mobile traffic and preventing data exfiltration in this 59-minute conference talk from BSidesSF 2015. Delve into the concept of certificate pinning, its implementation in popular mobile apps, and its impact on corporate security measures. Learn how malicious insiders and attackers can exploit certificate pinning to bypass security controls. Discover a proposed solution using mobile app virtualization to balance employee access to favorite apps with organizational security needs. Gain insights into cryptography trends and their implications for IT security, equipping yourself with knowledge to address the growing concerns of SSL inspection and data loss prevention in mobile environments.