A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a
HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been
implemented by the developers?
A.
SSL certificate revocation
B.
SSL certificate pinning
C.
Mobile device root-kit detection
D.
Extended Validation certificates