Questions tagged [certificate-pinning]

It looks like certificates with extended validation provide better protection than certificate pinning, but I'm unsure about this.

Talking with people, it is frequently considered that having a mobile application without certificate pinning is a vulnerability. But I rarely see people mentioning it for web applications. The question is, why is this issue only mentioned for…

To implement Cert Pinning on a native mobile app on (e.g. iOS), a new API end-point is being established (e.g. api.example.com). This URL will be setup with a self-signed SSL certificate. This API end-point URL is meant to be consumed only by this…

So I have been reading about SSL pinning in context of a requirement where we have to interact with a web service operated by a partner of ours. We have an Android App and we would be making network calls to their service in a WebView(embedded web…