SSL Pinning: Safeguarding Your App Against Man-in-the-Middle Attacks

In 2014, security researchers discovered a critical vulnerability in the HSBC mobile banking app for iOS. The app was found to be susceptible to man-in-the-middle (MITM) attacks, allowing attackers to intercept and manipulate sensitive financial information. The root of the problem? The absence of SSL pinning. Without pinning, an app trusts any certificate that chains to a CA in the device's trust store, so an attacker holding a certificate for the bank's hostname from a compromised or rogue CA, or from a root the user was tricked into installing, can terminate the TLS connection and read or modify the traffic between the app and HSBC's servers. This flaw put users' banking information at risk and highlighted a significant gap in the app's security framework. ...
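The check that pinning adds, as an added example that is not part of the original post or of any banking app: after the normal chain validation, the client hashes the leaf certificate's subjectPublicKeyInfo (SPKI) and compares it with a value shipped inside the app, so a certificate for the right hostname from the "wrong" key is refused even though the device's trust store would accept it. The certificates below are constructed, unsigned, X.509-shaped DER blobs (the hostname `bank.example` and the byte-filled keys are hypothetical) so that everything runs offline; `connect_pinned` shows where the check goes on a real socket and needs network access.

```python
import base64
import hashlib
import socket
import ssl

# --- Minimal DER helpers: enough to build and walk X.509 structures ---

def der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_seq(*items):
    return der(0x30, b"".join(items))

def der_read(buf, pos=0):
    """Return (tag, content, position after this TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def der_children(content):
    """Split a constructed value into (tag, whole TLV bytes) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, _, nxt = der_read(content, pos)
        out.append((tag, content[pos:nxt]))
        pos = nxt
    return out

# --- The pin: SHA-256 over the DER subjectPublicKeyInfo, base64, "sha256/" prefix ---

def extract_spki(cert_der):
    tag, cert_body, _ = der_read(cert_der)
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    tbs_tag, tbs_tlv = der_children(cert_body)[0]
    if tbs_tag != 0x30:
        raise ValueError("missing tbsCertificate")
    _, tbs_body, _ = der_read(tbs_tlv)
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:          # optional explicit [0] version tag
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]

def spki_pin(cert_der):
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return "sha256/" + base64.b64encode(digest).decode()

def pin_matches(cert_der, pinned):
    return spki_pin(cert_der) in pinned

def connect_pinned(host, port, pinned):
    """Chain validation first (default context), then the pin on the leaf. Needs network."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            leaf = tls.getpeercert(binary_form=True)
            if not pin_matches(leaf, pinned):
                raise ssl.SSLError("SPKI pin mismatch for %s: %s" % (host, spki_pin(leaf)))
            return tls.version()

# --- Constructed test data: unsigned, X.509-shaped DER blobs, not real certificates ---

def fake_cert(public_key, serial):
    oid_rsa = der(0x06, bytes.fromhex("2A864886F70D010101"))     # rsaEncryption
    oid_sig = der(0x06, bytes.fromhex("2A864886F70D01010B"))     # sha256WithRSAEncryption
    alg_key = der_seq(oid_rsa, der(0x05, b""))
    alg_sig = der_seq(oid_sig, der(0x05, b""))
    spki = der_seq(alg_key, der(0x03, b"\x00" + public_key))
    cn = der_seq(der(0x06, bytes.fromhex("550403")), der(0x0C, b"bank.example"))
    name = der_seq(der(0x31, cn))
    validity = der_seq(der(0x17, b"240101000000Z"), der(0x17, b"250101000000Z"))
    tbs = der_seq(der(0xA0, der(0x02, b"\x02")), der(0x02, serial),
                  alg_sig, name, validity, name, spki)
    return der_seq(tbs, alg_sig, der(0x03, b"\x00" + b"\xAA" * 32))

SERVER_KEY = b"\x01" * 64          # the bank's key pair, unchanged across renewals
ATTACKER_KEY = b"\x02" * 64        # a MITM proxy's key, in a cert the phone's trust store accepts
CERT_LEGIT = fake_cert(SERVER_KEY, b"\x01")
CERT_RENEWED = fake_cert(SERVER_KEY, b"\x02")   # same key, new serial: still passes the pin
CERT_MITM = fake_cert(ATTACKER_KEY, b"\x03")    # different key: fails the pin
PINS = {spki_pin(CERT_LEGIT)}      # what ships inside the app binary

if __name__ == "__main__":
    print("pin     ", spki_pin(CERT_LEGIT))
    print("renewed ", pin_matches(CERT_RENEWED, PINS))
    print("mitm    ", pin_matches(CERT_MITM, PINS))
```

Pinning the SPKI rather than the whole certificate is deliberate: the renewed certificate has different bytes but the same key, so the app keeps working through routine renewals, while the interception certificate is refused no matter which CA signed it. Ship at least one backup pin for a key you hold offline, otherwise a lost server key bricks every installed copy of the app.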

September 27, 2024 · 8 min · 1547 words · Dan

How to Create a Self-Signed Certificate for IIS and Host a Website

A few weeks ago, I got a task from my manager that seemed straightforward at first: set up a development environment for one of our upcoming projects. The catch? It needed to be accessible over HTTPS, just like our production sites. Now, getting a certificate from a trusted Certificate Authority (CA) for a development environment didn’t make much sense, and we certainly didn’t want to incur extra costs or deal with the complexities of a CA for something internal. ...

September 19, 2024 · 5 min · 1048 words · Dan