Jeroen Willemsen

November 29, 2017    meetup video

Should you pin? And if so: on what? On the certificate? On the public key? Should you follow HTTP Public Key Pinning? And to which certificate: leaf, intermediate or root? And how can you easily do this with iOS? In this talk we will briefly go through the highlights of pinning on mobile and, if you do it, how you can best apply it.


  1. Mobile Application Security Verification Standard (MASVS)
  2. Mobile Security Testing Guide (MSTG)
  3. Burp Suite
  4. Damn Vulnerable iOS Application (DVIA)
  5. OWASP ZAP