Welcome to our Secure Development Tips blog

Every other week, we provide expert tech tips on how to build and deploy secure applications. These best practices, derived from Security Innovation’s assessments of the world’s most dominant software applications, are taken directly from our TeamMentor product, which includes more than 3,500 guidance assets and articles on secure software design, coding and testing.


Disable Self-signed SSL Certificates

  
  

Applies To

  • iOS applications that send or receive sensitive data over the network.

What to Do

Disable the use of self-signed SSL certificates.

Why

Allowing the use of self-signed SSL certificates enables some types of man-in-the-middle attacks.

How

iOS does not allow self-signed SSL certificates by default. Do not override that behavior. Avoid using the allowsAnyHTTPSCertificateForHost method in production releases, because it allows self-signed SSL certificates. Do not use the continueWithoutCredentialForAuthenticationChallenge selector within the didReceiveAuthenticationChallenge delegate method of NSURLConnection objects, because it enables self-signed SSL certificates.
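
One way to enforce this before a release, as an added example that is not part of the original tip or of TeamMentor: a shell check that scans Objective-C sources for the two identifiers named above. The function names audit_tls_bypass and write_sample, the exemption of #if DEBUG blocks for allowsAnyHTTPSCertificateForHost, and the choice to flag the second selector everywhere are assumptions of this example.

```shell
# Added example: release gate for the two APIs this tip names.
# Prints "file:line: identifier" per finding; returns 1 if any, else 0.
audit_tls_bypass() {
    dir=${1:-.}
    findings=$(find "$dir" -type f \( -name '*.m' -o -name '*.mm' -o -name '*.h' \) \
        -exec awk '
        FNR == 1 { depth = 0; debug_at = 0 }        # reset state for each file
        /^[ \t]*#[ \t]*if/ {                         # #if, #ifdef, #ifndef
            depth++
            if (!debug_at && $0 ~ /^[ \t]*#[ \t]*(if|ifdef)[ \t]+DEBUG[ \t]*$/)
                debug_at = depth                     # entering a DEBUG-only region
            next
        }
        /^[ \t]*#[ \t]*(else|elif)/ {                # this branch ships in release
            if (debug_at == depth) debug_at = 0
            next
        }
        /^[ \t]*#[ \t]*endif/ {
            if (debug_at == depth) debug_at = 0
            if (depth > 0) depth--
            next
        }
        /^[ \t]*\/\// { next }                       # ignore whole-line comments
        # Tolerated only inside #if DEBUG (the tip says "production releases").
        /allowsAnyHTTPSCertificateForHost/ && !debug_at {
            printf "%s:%d: allowsAnyHTTPSCertificateForHost\n", FILENAME, FNR
        }
        # Flagged everywhere (conservative assumption of this example).
        /continueWithoutCredentialForAuthenticationChallenge/ {
            printf "%s:%d: continueWithoutCredentialForAuthenticationChallenge\n", FILENAME, FNR
        }
        ' {} +)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample source, not taken from any real project.
write_sample() {
    cat > "$1/Net Client.m" <<'EOF'
#if DEBUG
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)h { return YES; } // debug only
#else
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)h { return YES; } // ships
#endif
// [[c sender] continueWithoutCredentialForAuthenticationChallenge:c];
[[c sender] continueWithoutCredentialForAuthenticationChallenge:c];
EOF
}
```

Run audit_tls_bypass against the source root as a release build step and fail the build when it returns non-zero.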
