I am an IS auditor and I perform security audits on my company's mobile apps. I am using the SSL Kill Switch 2 tool during security tests and bypassing certificate pinning. Very useful tool and thank you for that :)
One question raised during the audit. Is there a way to detect ssl kill switch 2 or a similar bypassing tool installed on device? Can a mobile application do that?
I am preparing a recommendation for a detection control. But first, I need to learn whether the detection control is feasible or not.
1trackprojects1
commented
2 years ago
Hi,
I am an IS auditor and I perform security audits on my company's mobile apps. I am using the SSL Kill Switch 2 tool during security tests and bypassing certificate pinning. Very useful tool and thank you for that :)
One question raised during the audit. Is there a way to detect ssl kill switch 2 or a similar bypassing tool installed on device? Can a mobile application do that?
I am preparing a recommendation for a detection control. But first, I need to learn whether the detection control is feasible or not.
Kind regards.