Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (1)

Resolved SSL Pinning for powerserver application

  1. How-to
0
Votes
Undo
  1. Narayana Bhat P
    Narayana Bhat P
  2. PowerServer
  3. Wednesday, 24 April 2024 11:23 AM UTC

Hi team,

Powerserver deployed application undergone for VA/PT process and observed that SSL pinning to be enabled in application, how we can do this? any guide help us

Below is the observation

Vulnerability: Application is vulnerable to MITM Attacks

Description: The application uses port:443 for the data transmission. However, it was observed that there is no SSL pinning mechanism implemented and the traffic can be intercepted using HTTP proxy tools such as Burpsuite.

Recommendation/ Solution:

 Use Obfuscation to rename the methods in the certificate pinning code, which can avoid the SSL hooking to the application.

 

  1. PowerServer
  2. Security
Session creation failed. Cause: Internal Server Er...
Azure App Service Powerserver "Failed to download ...
Accepted Answer
Logan Liu @Appeon
Logan Liu @Appeon Accepted Answer Pending Moderation
  1. Thursday, 25 April 2024 01:36 AM UTC
  2. PowerServer
  3. # Permalink

Hi Narayana,

Please ensure you have disabled the Ignore PowerServer Certificate option and verify again.

Ignore PowerServer certificate errors - - PowerServer 2022 R3 Help (appeon.com)

If need more help, please report your issue via our support ticketing system to ensure it is being properly received by our tech support and tracked at: https://www.appeon.com/standardsupport/

Regards, 

Logan

Comment
Narayana Bhat P
  1. Narayana Bhat P
  2. Thursday, 25 April 2024 10:32 AM UTC
Dear Logan,



Thanks,

We will check the same or we will raise a ticket in Standard Support
  1. Helpful
Narayana Bhat P
  1. Narayana Bhat P
  2. Wednesday, 8 May 2024 10:26 AM UTC
Dear Logan,



Post disabled the Ignore PowerServer Certificate site is sceure now, thanks for the support

  1. Helpful
There are no comments made yet.
Responses (1)


There are replies in this question but you are not allowed to view the replies from this question.