TrustPin
Built on OWASP security research

Security Foundations & Technical Research

Learn how TrustPin solves the critical challenges identified in OWASP certificate pinning research while maintaining operational agility.

OWASP Certificate and Public Key Pinning

Authors: Mark Gamache and Kevin Wall
This foundational research identified critical vulnerabilities in traditional PKI models and established the security principles that guide modern certificate pinning implementations.

Security Threats Addressed by TrustPin

PKI Trust Model Vulnerabilities

Traditional PKI assumes trust in numerous Certificate Authorities, creating attack vectors through trickery or bribery of CAs.

Hostile Network Environments

Standard certificate validation is insufficient in environments where network infrastructure may be compromised.

Certificate Authority Compromise

Multiple trusted CAs create opportunities for attackers to obtain rogue certificates through various means.

Solving Traditional Pinning Challenges

The OWASP research identified critical implementation challenges. TrustPin provides modern solutions to each of these problems.

OWASP Challenge: Synchronization Risks

Keeping client-side pinsets and server keys synchronized in real time is extremely difficult.

TrustPin Solution

Automated signed configuration delivery via CDN ensures instant global synchronisation.

OWASP Challenge: Certificate Rotation Complexity

Certificate rotation becomes extremely complex and requires precise coordination.

TrustPin Solution

Zero-downtime certificate updates without app-store releases or forced updates.

OWASP Challenge: Trust on First Use Weakness

HTTP Public Key Pinning (HPKP) failed due to its Trust on First Use security weakness.

TrustPin Solution

Cryptographically signed configurations eliminate Trust on First Use vulnerabilities.

OWASP Challenge: Corporate Environment Issues

Pinning is incompatible with corporate TLS inspection environments.

TrustPin Solution

Configurable validation modes support corporate and development environments.

OWASP-Compliant Advanced Implementation

TrustPin implements the best practices recommended in the OWASP research, while adding modern improvements for operational efficiency.

Out-of-Band Delivery

TrustPin delivers pinsets through signed configurations, separate from the main communication channels.

JWS Cryptographic Signatures

Uses JSON Web Signature (JWS) for secure, verifiable configuration delivery, as recommended by OWASP.

Controlled Mobile Environments

Optimised for mobile applications, where pinning provides maximum security benefit with minimal operational risk.
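To make the delivery model described above concrete (a pinset signed out of band, verified by the app against a key it ships with rather than trusted on first use, then used to check the server's SubjectPublicKeyInfo hash), here is an added example written for this page. It is not TrustPin's SDK or configuration format: the JSON field names, the host api.example.com, the backup-pin placeholder and the keys, which are generated at run time, are all constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Pinset is the signed configuration payload (field names are assumed for this example,
// not TrustPin's schema): host -> allowed "sha256/<base64 SPKI digest>" pins, with a backup pin per host.
type Pinset struct {
	Expires int64               `json:"expires"` // unix seconds; a stale pinset is refused
	Domains map[string][]string `json:"domains"`
}

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// SignPinset produces a compact JWS (ES256) over the JSON-encoded pinset.
func SignPinset(priv *ecdsa.PrivateKey, ps Pinset) (string, error) {
	body, _ := json.Marshal(ps) // marshalling this plain struct cannot fail
	input := b64.EncodeToString([]byte(`{"alg":"ES256"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // ES256 signature is R||S, 32 bytes each (RFC 7518, section 3.4)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyPinset checks the JWS against a verification key the app ships with, so there is no
// trust-on-first-use step; the algorithm is fixed here, never read from the token, and expiry is enforced.
func VerifyPinset(pub *ecdsa.PublicKey, token string, now time.Time) (*Pinset, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWS")
	}
	var h struct{ Alg string `json:"alg"` }
	if hdr, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "ES256" {
		return nil, fmt.Errorf("unsupported or malformed JWS header")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("pinset signature invalid")
	}
	var ps Pinset
	if payload, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(payload, &ps) != nil {
		return nil, fmt.Errorf("malformed pinset payload")
	}
	if now.Unix() > ps.Expires {
		return nil, fmt.Errorf("pinset expired")
	}
	return &ps, nil
}

// SPKIPin computes the OWASP-style pin: SHA-256 over the DER SubjectPublicKeyInfo.
func SPKIPin(pub any) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:]), nil
}

// Matches reports whether pin is one of the allowed pins for host.
func (ps *Pinset) Matches(host, pin string) bool {
	for _, p := range ps.Domains[host] {
		if p == pin {
			return true
		}
	}
	return false
}

func main() {
	signer, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // publisher's signing key (constructed)
	server, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for the API server's TLS key
	pin, _ := SPKIPin(&server.PublicKey)
	token, _ := SignPinset(signer, Pinset{Expires: time.Now().Add(24 * time.Hour).Unix(),
		Domains: map[string][]string{"api.example.com": {pin, "sha256/BACKUP-PIN-PLACEHOLDER"}}})
	got, err := VerifyPinset(&signer.PublicKey, token, time.Now())
	fmt.Println("verified:", err == nil, "pin accepted:", err == nil && got.Matches("api.example.com", pin))
}
```

The two checks that matter for the Trust on First Use point are that the verification key is a compile-time constant of the app (here stood in by the key generated at start-up) and that the verifier refuses any token whose header does not name the one algorithm it expects; the expiry field is what lets an operator bound how long a stale pinset can be replayed.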

Why TrustPin Succeeds Where Others Failed

OWASP Conclusion vs. TrustPin Reality

OWASP Research Conclusion:

"Considering the current risks in the CA and browser space and comparing them to the risk of downtime, pinning is not recommended."

TrustPin’s Innovation:

We eliminated the 'risk of downtime' by solving certificate rotation without app updates, making pinning not just viable, but essential for modern security.

Zero Operational Risk

Remote certificate updates eliminate downtime concerns.

Maximum Security Benefit

All the protection of pinning without the operational burden.

Implement OWASP-Compliant Security Today

Experience the security benefits of certificate pinning without the operational complexity.