Security Advanced

What is Certificate Pinning?

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

Certificate pinning validates that a server presents a specific certificate or public key, rather than any certificate signed by a trusted CA. This protects against compromised Certificate Authorities and rogue certificates. Implementation approaches include pinning the leaf certificate (most restrictive), pinning the intermediate CA certificate, or pinning the public key (most flexible during certificate renewal). Mobile apps commonly use certificate pinning for API communication. Challenges include handling certificate rotation (pin the backup key too) and debugging (pinning failures are silent). HTTP Public Key Pinning (HPKP) for browsers was deprecated due to the risk of permanent lockout.

Learn More About This Topic

Windows PKI & Certificates

Related reading

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Related Terms

CSRF (Cross-Site Request Forgery)

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

XSS (Cross-Site Scripting)

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

Cryptographic Key Management

The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.

A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.

Session Hijacking

An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.

WAF (Web Application Firewall)

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

View All Security Terms →