cwong-scw
commented
3 years ago code injection again
Open cwong-scw opened 3 years ago
cwong-scw
commented
3 years ago code injection again
cwong-scw
commented
3 years ago jwaef iojwef certificate pinning
dev-secure-code-warrior-pilot[bot]
commented
3 years ago Secure channels are a cornerstone to users and employees working remotely and on the go. Users and developers expect end-to-end security when sending and receiving data - especially sensitive data on channels protected by VPN, SSL, or TLS. However, this mitigation can be bypassed to analyze the traffic between the client and the server by installed a trusted certificate on the device.
SSL Pinning makes sure the client checks the server’s certificate against a known copy of that certificate. Hence, the client can only communicate against that server and will not trust any trusted certificates installed on the device.
Identify the lines where SSL pinning check is being implemented. Identify flaws in that method that can be eventually bypassed.
difjaoiejf code injection fbfdxoighd