Reputation: 17
How do I enable Application Transport Security (ATS) restrictions
How do I, Ensure ATS is enabled within the iOS mobile application so that confidential information sent between the application and the back end servers are secured and not to be intercepted by man-inthe-middle style attacks.
Below is what I already set but still Fails for the penetration test.enter image description here
Upvotes: 0
Views: 275
Answers (1)
Reputation: 1792
Preventing Man-in-the-Middle Attacks in iOS with SSL Pinning.
Restricting the set of trusted certificates through pinning prevents attackers from analyzing the functionality of the app and the way it communicates with the server.
Types of SSL Certificate Pinning
Pin the certificate: You can download the server’s certificate and bundle it into your app. At runtime, the app compares the server’s certificate to the one you’ve embedded.
Pin the public key: You can retrieve the certificate’s public key and include it in your code as a string. At runtime, the app compares the certificate’s public key to the one hard-coded in your code.
There are multiple blogs available on topic of SSL pinning. for your reference attaching one Please go through this to understand SSL pinning
Upvotes: 1
Related Questions
- ATS setting NSAllowsArbitraryLoadsInWebContent not working
- Disable App Transport Security for Simulator only
- Application Transport Security (ATS) and app submission
- Apple App Transport Security (ATS) for Enterprise Application
- Is it possible to modify ATS settings programmatically
- Raise exception on App Transport Security?
- (ATS) Application Transport Security iOS 9
- How do you change App Transport Security Settings based on the build configuration?
- How do I find out which HTTP requests are being blocked by App Transport Security?
- iOS 9: Application Transport Security plist configurations