30,729 views
In this video, I’ve discussed some good practices for enhancing the security of an iOS application. I’ve demonstrated how Charles can be used to intercept web service calls and how HTTPS prevents this, and then how a man-in-the-middle attack can be performed (using a proxy certificate) to bypass HTTPS security. I also cover what an SSL certificate is and how it works, asymmetric cryptography, why the certificate should be pinned with the app (SSL pinning), certificate pinning and public key pinning, the scenarios in which SSL pinning can fail, and obfuscation.
Implementation of Certificate Pinning -
gist.github.com/pallavtrivedi...
Inspiration & implementation of Public Key Pinning -
/ ssl-pinning
Credits -
Hacking video (used at the start of the video) by Mikhail Nilov from Pexels
www.pexels.com/@mikhail-nilov...
Chapters 👇🏼
00:00 Start
00:09 Introduction
01:07 Intercepting web service calls made over HTTP
02:23 Configuring Charles
05:40 How HTTPS differs from HTTP
07:55 Asymmetric Cryptography
08:41 SSL Certificate and its working
11:19 Man In The Middle Attack (Concept)
12:20 Man In The Middle Attack (In Action)
15:43 SSL Pinning
22:24 Obfuscation