In this video, I discuss some good practices for enhancing the security of an iOS application. I demonstrate how Charles can be used to intercept web service calls and how HTTPS prevents this, and then how a Man In The Middle attack can be performed (using a proxy certificate) to bypass HTTPS security. I also cover what an SSL certificate is and how it works, asymmetric cryptography, why the certificate should be pinned with the app (SSL pinning), certificate pinning versus public key pinning, the scenarios in which SSL pinning can fail, and obfuscation.
Implementation of Certificate Pinning -
https://gist.github.com/pallavtrivedi03/ef13f9b719d6cd845c9515871bf0117c
Inspiration & implementation of Public Key Pinning -
https://medium.com/flawless-app-stories/ssl-pinning-254fa8ca2109
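As an added illustration of the two pinning styles mentioned above (example code written for this description, not the gist or the Medium article linked here), the following URLSession delegate performs normal chain validation first and then rejects any leaf certificate whose SHA-256 (over the DER certificate, or over the SubjectPublicKeyInfo for public key pinning) is not in a baked-in pin set. The host name, the pin strings, and the RSA-2048-only SPKI header handling are assumptions; the header bytes are the standard DER prefix for an RSA-2048 SubjectPublicKeyInfo.

```swift
import Foundation
import Security
import CryptoKit

/// Which artifact the pin is computed over. Certificate pinning breaks on every
/// renewal; public key pinning survives a renewal that reuses the same key pair.
enum PinMode {
    case certificate   // SHA-256 over the leaf certificate's DER bytes
    case publicKey     // SHA-256 over the leaf's SubjectPublicKeyInfo (SPKI)
}

/// URLSession delegate that cancels any connection whose leaf does not match a pin.
/// Pins are base64(SHA-256) strings, the same format produced by
/// `openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`.
final class PinningSessionDelegate: NSObject, URLSessionDelegate {
    private let mode: PinMode
    private let pins: Set<String>

    /// Ship at least two pins (current key plus a backup) so a planned key
    /// rotation does not lock every installed app out of the backend.
    init(mode: PinMode, pins: Set<String>) {
        self.mode = mode
        self.pins = pins
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // 1. Standard chain validation first. Pinning adds to it, never replaces it.
        //    A proxy CA installed on the device still passes this step, which is
        //    exactly why step 2 exists.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let leaf = SecTrustGetCertificateAtIndex(trust, 0) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // 2. Compare the leaf against the baked-in pins. Hard fail on mismatch:
        //    never fall back to the system trust result alone.
        guard let presented = Self.pinHash(for: leaf, mode: mode), pins.contains(presented) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }

    /// base64(SHA-256(DER)) or base64(SHA-256(SPKI)) for the given certificate.
    static func pinHash(for cert: SecCertificate, mode: PinMode) -> String? {
        let input: Data
        switch mode {
        case .certificate:
            input = SecCertificateCopyData(cert) as Data
        case .publicKey:
            guard let key = SecCertificateCopyKey(cert),
                  let raw = SecKeyCopyExternalRepresentation(key, nil) as Data? else { return nil }
            // Security.framework returns the bare key, not the SPKI structure, so the
            // ASN.1 header must be prepended. Assumption: RSA-2048 keys only; other
            // key types need their own header.
            guard let header = asn1Header(for: key) else { return nil }
            input = header + raw
        }
        return Data(SHA256.hash(data: input)).base64EncodedString()
    }

    // DER prefix of a SubjectPublicKeyInfo holding an RSA-2048 public key.
    private static let rsa2048SPKIHeader: [UInt8] = [
        0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
        0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00
    ]

    private static func asn1Header(for key: SecKey) -> Data? {
        guard let attrs = SecKeyCopyAttributes(key) as? [CFString: Any],
              let type = attrs[kSecAttrKeyType] as? String,
              let bits = attrs[kSecAttrKeySizeInBits] as? Int,
              type == (kSecAttrKeyTypeRSA as String), bits == 2048 else { return nil }
        return Data(rsa2048SPKIHeader)
    }
}

// Usage. Host and pins are hypothetical placeholders; compute real pins from your own server certificate.
let delegate = PinningSessionDelegate(mode: .publicKey,
                                      pins: ["<BASE64_SHA256_OF_CURRENT_SPKI>", "<BASE64_SHA256_OF_BACKUP_SPKI>"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
let task = session.dataTask(with: URL(string: "https://api.example.com/v1/profile")!) { data, _, error in
    // A pin mismatch surfaces here as an NSURLErrorCancelled error with no data.
    print(error.map { "request blocked: \($0)" } ?? "pinned connection OK, \(data?.count ?? 0) bytes")
}
task.resume()
```

Two points worth noting for anyone adapting this: the delegate runs the system evaluation before comparing pins, so a revoked or expired certificate is still rejected even if its key matches; and the pin set deliberately holds a backup pin, because a key rotation without a pre-published backup is the most common way pinning "fails" in production.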
Credits -
Hacking video (used at the start of the video) by Mikhail Nilov from Pexels
https://www.pexels.com/@mikhail-nilov?utm_content=attributionCopyText&utm_medium=referral&utm_source=pexels
Chapters 👇🏼
00:00 Start
00:09 Introduction
01:07 Intercepting web service calls made over HTTP
02:23 Configuring Charles
05:40 How HTTPS differs from HTTP
07:55 Asymmetric Cryptography
08:41 SSL Certificate and how it works
11:19 Man In The Middle Attack (Concept)
12:20 Man In The Middle Attack (In Action)
15:43 SSL Pinning
22:24 Obfuscation