๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Advanced

What is Certificate Pinning?

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

Certificate pinning validates that a server presents a specific certificate or public key, rather than any certificate signed by a trusted CA. This protects against compromised Certificate Authorities and rogue certificates. Implementation approaches include pinning the leaf certificate (most restrictive), pinning the intermediate CA certificate, or pinning the public key (most flexible during certificate renewal). Mobile apps commonly use certificate pinning for API communication. Challenges include handling certificate rotation (pin the backup key too) and debugging (pinning failures are silent). HTTP Public Key Pinning (HPKP) for browsers was deprecated due to the risk of permanent lockout.

Related Terms

Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
View All Security Terms โ†’