A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the
following controls has likely been implemented by the developers?

A.
SSL certificate revocation

B.
SSL certificate pinning

C.
Mobile device root-kit detection

D.
Extended Validation certificates