Zscaler, Inc.
Identification of certificate pinned mobile applications in cloud based security systems

Abstract:

Systems and methods of identifying and processing certificate pinned applications through a cloud based security system include monitoring traffic associated with a connection; developing a profile of an application associated with the traffic based on the monitoring, wherein the profile comprises whether or not the application is a certificate pinned application which requires a predefined set of criterion to be matched against an advertised certificate; and selectively performing SSL interception of the connection in the cloud based security system based on the profile. The monitoring can include monitoring handshake messages between a client and a server to determine a handshake status and a certificate status.