Pinning: Not as simple as it sounds (by John Kozyrakis)




Published on Mar 20, 2017

Talk on "Pinning: Not as simple as it sounds" by John Kozyrakis at the Android Security Symposium in Vienna, Austria, 8-10 March 2017

*** Abstract ***
Certificate pinning trends perennially, coming to the fore with each new SSL hack. Security urges developers to implement pinning and many mobile apps do — some applying pinning to problems it doesn't solve while others do so entirely unnecessarily.

Taking a perspective useful to both developers and testers, this presentation highlights the threats that pinning can tackle and covers the tradeoffs inherent in pinning decisions. The presentation explores several flaws found in real applications and describes changes introduced in recent Android versions.

Expect to leave understanding common implementation mistakes, common misconceptions and key subtleties of pinning that may in fact decrease security or impose undue complexity.

*** Android Security Symposium ***
The second Android Security Symposium was organized by the Josef Ressel Center u'smile at the University of Applied Sciences Upper Austria in Hagenberg in cooperation with SBA Research and the Institute of Networks and Security (INS) at Johannes Kepler University Linz.

This video is provided by the Josef Ressel Center for User-friendly Secure Mobile Environments (u'smile), a research group at the University of Applied Sciences Upper Austria.

Copyright (c) FH OÖ Forschungs & Entwicklungs GmbH • All rights reserved. • https://usmile.at/impressum

