
What is Certificate Pinning?

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

Certificate pinning validates that a server presents a specific certificate or public key, rather than accepting any certificate that chains to a CA in the client's trust store. This protects against a compromised or coerced Certificate Authority and against mis-issued or rogue certificates, which ordinary chain validation would accept. Implementation approaches include pinning the leaf certificate (most restrictive: the pin breaks at every renewal), pinning an intermediate CA certificate (survives leaf renewal, but trusts everything that CA issues), or pinning the public key, usually expressed as the SHA-256 hash of the certificate's SubjectPublicKeyInfo (most flexible: a renewed certificate that reuses the same key still matches the pin). Mobile apps commonly use certificate pinning for API communication, where the client code is under the developer's control.

Challenges include handling certificate and key rotation (pin a backup key before it is needed, otherwise the next key change locks out every installed client until it is updated) and debugging (a pinning failure typically surfaces as a generic TLS or network error, so the client should report it as a distinct condition). HTTP Public Key Pinning (HPKP) for browsers was deprecated and removed because a mistaken or attacker-set pin could lock users out of a site for the full pin lifetime.
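The following Go program is an added example, not code from the original page, showing the public-key pinning approach described above: it computes SPKI pins in the usual "sha256/<base64>" form, enforces a pin set from a tls.Config callback, and compares how leaf pinning and public-key pinning behave across a renewal, a pre-pinned backup key, and an unpinned key. The self-signed certificates, the host name api.example.test and the serial numbers are constructed for the example so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPinFromDER hashes a DER-encoded SubjectPublicKeyInfo in the form used by
// HPKP, OkHttp and Android's Network Security Config: "sha256/<base64>".
func spkiPinFromDER(spki []byte) string {
	sum := sha256.Sum256(spki)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// spkiPin is the public-key pin of a certificate; it survives a renewal that keeps the key.
func spkiPin(cert *x509.Certificate) string { return spkiPinFromDER(cert.RawSubjectPublicKeyInfo) }

// leafPin hashes the whole certificate, so it changes at every renewal.
func leafPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// verifyPins builds a tls.Config.VerifyPeerCertificate callback. Go runs it after
// normal CA validation, so pinning is an additional check, not a replacement.
// The handshake passes if any certificate in the presented chain carries a pinned key.
func verifyPins(pins map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			cert, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			if pins[spkiPin(cert)] {
				return nil
			}
		}
		// Name the failure explicitly: a bare handshake error looks like a network problem.
		return errors.New("certificate pinning failure: no pinned public key in chain")
	}
}

// pinnedClientConfig is what an API client would hand to tls.Dial or http.Transport.
func pinnedClientConfig(pins map[string]bool) *tls.Config {
	return &tls.Config{VerifyPeerCertificate: verifyPins(pins)}
}

// selfSigned issues a throwaway self-signed certificate so the example runs offline
// (constructed for the example; a real server certificate would come from a CA).
func selfSigned(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "api.example.test"}, // assumed host name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DemoResult records how each pinning choice behaves across key events.
type DemoResult struct {
	SPKISurvivesRenewal bool // same key, new certificate
	LeafSurvivesRenewal bool
	BackupKeyAccepted   bool // pre-pinned backup key rolled into service
	UnknownKeyAccepted  bool // key that was never pinned, e.g. a rogue certificate
}

// rotationDemo pins the current key plus a backup key, then checks a renewed
// certificate, a certificate for the backup key, and one for an unknown key.
func rotationDemo() (DemoResult, error) {
	var r DemoResult
	var keys [3]*ecdsa.PrivateKey // current, backup, unknown
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return r, err
		}
		keys[i] = k
	}
	// The backup key is pinned before it has any certificate: only its SPKI is needed.
	backupSPKI, err := x509.MarshalPKIXPublicKey(&keys[1].PublicKey)
	if err != nil {
		return r, err
	}
	var certs [4]*x509.Certificate // current, renewed (same key), from backup key, rogue
	for i, key := range []*ecdsa.PrivateKey{keys[0], keys[0], keys[1], keys[2]} {
		if certs[i], err = selfSigned(key, int64(i+1)); err != nil {
			return r, err
		}
	}
	pins := map[string]bool{spkiPin(certs[0]): true, spkiPinFromDER(backupSPKI): true}
	check := pinnedClientConfig(pins).VerifyPeerCertificate
	r.SPKISurvivesRenewal = check([][]byte{certs[1].Raw}, nil) == nil
	r.LeafSurvivesRenewal = leafPin(certs[0]) == leafPin(certs[1])
	r.BackupKeyAccepted = check([][]byte{certs[2].Raw}, nil) == nil
	r.UnknownKeyAccepted = check([][]byte{certs[3].Raw}, nil) == nil
	return r, nil
}

func main() {
	r, err := rotationDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Because the backup pin is derived from the key alone, it can be shipped in the client long before a certificate for that key exists, which is what makes a planned rotation safe; the unknown-key case is the same check rejecting a certificate that normal CA validation might have accepted.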

Related Terms

SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.