1. Narayana Bhat P
  2. PowerServer
  3. Wednesday, 24 April 2024 11:23 AM UTC

Hi team,

Our PowerServer-deployed application underwent a VA/PT process, and it was observed that SSL pinning needs to be enabled in the application. How can we do this? Any guide would help us.

Below is the observation:

Vulnerability: Application is vulnerable to MITM Attacks

Description: The application uses port 443 for data transmission. However, it was observed that there is no SSL pinning mechanism implemented and the traffic can be intercepted using HTTP proxy tools such as Burp Suite.

Recommendation/ Solution:

Use obfuscation to rename the methods in the certificate pinning code, which can avoid SSL hooking of the application.

 

Logan Liu @Appeon Accepted Answer
  1. Thursday, 25 April 2024 01:36 AM UTC
  2. PowerServer
  3. # 1

Hi Narayana,

Please ensure you have disabled the Ignore PowerServer Certificate option and verify again.

Ignore PowerServer certificate errors - PowerServer 2022 R3 Help (appeon.com)

If you need more help, please report your issue via our support ticketing system to ensure it is properly received and tracked by our tech support: https://www.appeon.com/standardsupport/

Regards, 

Logan

Comment
  1. Narayana Bhat P
  2. Thursday, 25 April 2024 10:32 AM UTC
Dear Logan,



Thanks,

We will check the same, or we will raise a ticket in Standard Support.