Which of the following would be the BEST solution against this type of attack?

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?
A . Cookies
B . Wildcard certificates
C . HSTS
D . Certificate pinning

View Answer

Answer: D

Explanation:

Reference: https://cloud.google.com/security/encryption-in-transit

Certificate pinning is a technique that can prevent HTTPS interception attacks by hardcoding the expected certificate or public key of the server in the application code, so that any certificate presented by an intermediary will be rejected. Cookies are small pieces of data that are stored by browsers to remember user preferences or sessions, but they do not prevent HTTPS interception attacks. Wildcard certificates are certificates that can be used for multiple subdomains of a domain, but they do not prevent HTTPS interception attacks. HSTS (HTTP Strict Transport Security) is a policy that forces browsers to use HTTPS connections, but it does not prevent HTTPS interception attacks.

Verified Reference:

https://www.comptia.org/blog/what-is-certificate-pinning https://partners.comptia.org/docs/default-source/resources/casp-content-guide