A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP
intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by
the developers?
A.
SSL certificate revocation
B.
SSL certificate pinning
C.
Mobile device root-kit detection
D.
Extended Validation certificates