Avoiding Blunders When Implementing SSL for Apps
Imagine installing a new deadbolt on your back door. After all the measuring, drilling, sizing, and installation, you stand back to admire your work, only to notice the lock was installed backwards. The device meant to keep people out will now let them in. As noted by several university researchers, including Dan Boneh of Stanford University at RSA13, this is the same issue developers face when they poorly implement SSL/TLS security within their mobile applications. The flaw is not in the security technology but in its implementation.
It is natural to assume that I don’t need to sell you on the fact that you need to have all aspects of your information security program in line, without any loopholes. This white paper lays out how to implement SSL within non-browser apps in a way that is clear and easy for any user or developer. A Quick Guide to SSL for Apps is a short read that features the checks developers must use when building the chain of trust from Root to Intermediate to End Entity.