Many developers encrypt confidential data on the way to the backend using SSL and have a false sense of security.
While SSL is suitable as a tool to ensure the confidentiality and integrity of data, it must be understood and used correctly. A publication of the University of Texas and Stanford University from October 2012 shows that some serious vulnerabilities can be overlooked, even when using renowned libraries and software packages.
Using an example iOS application, the talk shows how attackers can take possession of supposedly safely transmitted data, and how this can be prevented effectively by means of SSL certificate pinning.
First, a few SSL basics and relevant attack vectors are explained, then ways to counteract them. While the example is based on iOS, the concepts can be applied to Android and other platforms as well.