- Narayana Bhat P
- PowerServer
- Wednesday, 24 April 2024 11:23 AM UTC
Hi team,
Our PowerServer-deployed application underwent a VA/PT process, and it was observed that SSL pinning needs to be enabled in the application. How can we do this? Any guide would help us.
Below is the observation:
Vulnerability: Application is vulnerable to MITM Attacks
Description: The application uses port:443 for the data transmission. However, it was observed that there is no SSL pinning mechanism implemented and the traffic can be intercepted using HTTP proxy tools such as Burp Suite.
Recommendation/Solution:
Use Obfuscation to rename the methods in the certificate pinning code, which can avoid the SSL hooking to the application.