The Savage Curtain: Mobile SSL Failures

By Tushar Dalvi, Tony Trummer on 27 Jan 2015 @ OWASP AppSec California
#ssl #application-pentesting #dynamic-analysis
Focus Areas: Cryptography, Application Security, Malware Analysis

Abstract

Organizations are all so anxious to reach their “mobile moment”, but are failing miserably at securing the mobile application traffic, in a variety of ways. We will review some of the common pitfalls with mobile application transport layer encryption, how to test for vulnerabilities and a fool-proof method on how to prevent your organization from falling victim to these all too common errors. We will also be presenting a novel SSL/TLS attack, which could be used for semi-permanent, nearly undetectable MitM attacks.