Two weeks ago I presented (once more) on the topic of pinning, this time focusing on bugs seen in real-world Android applications implementing pinning. The presentation also covered CVE-2016-2402 in some detail, Android’s Network Security Configuration and a few other relevant topics.
The conference was Android Security Symposium - a great security event, hosted in an awesome venue within Vienna University of Technology.
This presentation was a follow-up on my previous work on pinning, presented at OWASP AppSecEU16. That one focused on pinning concepts from an architect’s perspective, describing the high-level decisions that need to be made before implementing this control.