Network level

Any data exchanged between the device and the server travels over the network, so this is where it can be intercepted or tampered with in transit. The following screen capture provides a high-level mind map for network-level protection:

Figure: Network level (mind map of network-level protection)

Certificate pinning

Certificate pinning is the process of associating a host with an expected X.509 certificate or public key: once the legitimate certificate (or its public key) is known, it is embedded in the app, and only a server presenting that certificate or key is trusted, regardless of which CA signed it. We covered tweaks for bypassing this protection in Chapter 7, Full Steam Ahead – Attacking iOS Applications, in the section Beating the SSL certificate pinning. Pinning is one of the strongest defenses against MitM attacks, because a rogue or compromised CA can no longer issue a certificate the app will accept; it is not a complete solution, though, since an attacker who controls the device can still patch or hook the pinning check, which is exactly what the Chapter 7 bypass does.

In iOS, certificate pinning is done through NSURLConnectionDelegate. This ...
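The check the delegate has to perform is the same on every platform: hash the public key of each certificate in the presented chain and refuse the connection unless one of them matches a pin shipped with the app. The example below is added here and is not the book's iOS code; it shows that check in Go, wired into `tls.Config.VerifyPeerCertificate`, and exercises it against two constructed self-signed certificates for the assumed hostname `api.example.com`: the legitimate one whose key is pinned, and a second one with the same name but a different key, which is what an interception proxy presents. The host name, both certificates and the `checkChain` helper are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64 SHA-256 of the certificate's SubjectPublicKeyInfo,
// the form used by HPKP and most mobile pinning libraries. Pinning the key
// rather than the whole certificate survives a renewal that keeps the key.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinnedVerifier builds a tls.Config.VerifyPeerCertificate callback that
// fails the handshake unless some certificate in the presented chain carries
// a pinned public key. It runs in addition to normal chain validation, so a
// certificate from a rogue but trusted CA is still rejected.
func pinnedVerifier(pins []string) func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	allowed := make(map[string]bool, len(pins))
	for _, p := range pins {
		allowed[p] = true
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			cert, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			if allowed[spkiPin(cert)] {
				return nil
			}
		}
		return errors.New("certificate pinning failure: no pinned public key in chain")
	}
}

// checkChain (assumed helper) applies the pinning verifier to a parsed chain,
// so the decision can be tested without opening a real TLS connection.
func checkChain(pins []string, chain []*x509.Certificate) error {
	raw := make([][]byte, len(chain))
	for i, c := range chain {
		raw[i] = c.Raw
	}
	return pinnedVerifier(pins)(raw, nil)
}

// selfSignedCert creates a constructed test certificate for host with a fresh key.
func selfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	legit, _ := selfSignedCert("api.example.com") // the real server's certificate
	rogue, _ := selfSignedCert("api.example.com") // same name, attacker's key (MitM proxy)
	pins := []string{spkiPin(legit)}

	// This is how the verifier would be attached to a real client.
	cfg := &tls.Config{VerifyPeerCertificate: pinnedVerifier(pins)}
	_ = cfg

	fmt.Println("legitimate chain:", checkChain(pins, []*x509.Certificate{legit}))
	fmt.Println("MitM chain:     ", checkChain(pins, []*x509.Certificate{rogue}))
}
```

Note that the rogue certificate would pass hostname checking and, if the attacker's CA had been installed on the device, chain validation as well; only the key comparison stops it. In production, ship at least one backup pin for a key held offline, otherwise a key rotation bricks every installed client.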
