Hacker News | synhare's comments

Elastic Beanstalk, Lambda, and CloudWatch returning errors for us. us-east-2


The number of times I've heard people in the tech community mention certificate pinning as a valuable security mechanism is like the number of times I've heard about zombies, despite the fact that they just don't exist.

I've worked on a team that reverse engineered and did security audits on a lot of commercial and consumer applications. We saw cert pinning implemented correctly maybe once or twice a year, by companies large enough that their security team was larger than most software companies' entire payroll.

Basically, it's not a thing that exists because it is really hard to implement properly. The threat model for being MITM'ed with cert spoofing is pretty exotic. In the end, cert pinning means your application is not working if something goes wrong with the certs, which EVERYONE at some point forgets to renew, or, worse, your CA inadvertently gets hosed.
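The outage mode described in this comment (a pinned app that stops working when the server's certificate changes) is easy to reproduce offline. The following Go program is an added example, not code from the commenter or from any project mentioned on this page. It pins the SHA-256 of the SubjectPublicKeyInfo rather than the whole certificate, which is the usual HPKP/OkHttp-style pin, and runs the pin check the way a client would inside `tls.Config.VerifyPeerCertificate` after normal chain validation. Throwaway self-signed certificates stand in for the server's leaf, the hostname `api.example.test` is made up, and `PinSet`, `Simulate` and `Outcome` are names chosen here. It shows three things: a renewal that keeps the same key still matches an SPKI pin, a key rotation breaks a client that pinned only the current key, and a client that shipped a backup pin for the next key survives the rotation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns "sha256/<base64>" of the DER SubjectPublicKeyInfo, i.e. a pin
// on the key, so a renewed certificate that reuses the key still matches.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// PinSet is the set of pins a client ships with (hypothetical type name).
type PinSet map[string]bool

var errNoPinMatched = errors.New("certificate pinning: no pinned SPKI in chain")

// Verify is the check a client runs on the already-validated chain: at least
// one certificate in the chain must carry a pinned SPKI.
func (p PinSet) Verify(chain []*x509.Certificate) error {
	for _, c := range chain {
		if p[spkiPin(c)] {
			return nil
		}
	}
	return errNoPinMatched
}

// newSelfSignedCert builds a throwaway self-signed certificate for key; it
// stands in for the server's leaf certificate (constructed test data).
func newSelfSignedCert(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "api.example.test"}, // made-up host
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Outcome records whether each client still connects after each server change.
type Outcome struct {
	RenewSameKey   bool // leaf-only pin set, cert renewed with the same key
	RotateLeafOnly bool // leaf-only pin set, key rotated (expected: false)
	RotateBackup   bool // pin set that also shipped a backup pin, key rotated
}

// Simulate plays the server-side changes against two clients' pin sets.
func Simulate() (Outcome, error) {
	var o Outcome
	keyA, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return o, err
	}
	keyB, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return o, err
	}
	certA, err := newSelfSignedCert(keyA, 1)
	if err != nil {
		return o, err
	}
	certARenewed, err := newSelfSignedCert(keyA, 2) // renewal: new cert, same key
	if err != nil {
		return o, err
	}
	certB, err := newSelfSignedCert(keyB, 3) // rotation: new key
	if err != nil {
		return o, err
	}
	leafOnly := PinSet{spkiPin(certA): true}
	withBackup := PinSet{spkiPin(certA): true, spkiPin(certB): true} // backup pin for the next key
	if err := leafOnly.Verify([]*x509.Certificate{certA}); err != nil {
		return o, fmt.Errorf("pin should match before any change: %w", err)
	}
	o.RenewSameKey = leafOnly.Verify([]*x509.Certificate{certARenewed}) == nil
	o.RotateLeafOnly = leafOnly.Verify([]*x509.Certificate{certB}) == nil
	o.RotateBackup = withBackup.Verify([]*x509.Certificate{certB}) == nil
	return o, nil
}

func main() {
	o, err := Simulate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("renew same key, leaf-only pin still works: %v\n", o.RenewSameKey)
	fmt.Printf("rotate key, leaf-only pin still works:     %v\n", o.RotateLeafOnly)
	fmt.Printf("rotate key, pin set with backup works:     %v\n", o.RotateBackup)
}
```

The backup pin only helps if the next key is generated and pinned before the current certificate is replaced, and there is no code path for a client whose shipped pins are all stale short of an app update, which is the failure the comment describes.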


What does it take to implement it correctly? What are the most common implementation mistakes?


Would love some pointers too. I've run into it once implemented in a way I couldn't circumvent and was blown away. I'd love to develop the skills to do the same myself.


This part of the article really threw me off. Someone writing an article on HTTP headers for a major CDN has never had to deal with IE6?


Are people really still dealing with IE6? I gave up web dev almost a decade ago and it's disturbing to hear that IE6 is still an issue!


Healthcare and government (US). So, so very many systems are on IE6. So, so very many websites only work correctly/fully when end users are on that platform. Until you've had to support code distributed by the US federal gov't and watch the percentages of users hitting your site from XP (or earlier) UAs rise to the double digits, you have not known sadness.


Also all of China or so I was told about a year ago.


Enterprise. A lot of Enterprise applications are required for work, and require very old, very stubborn browsers.

Most emulations don't work.

You need the old stuff (IE), for the old applications to work, and as long as they can force it to, they won't update said old application.

I've even had to touch systems which required IE 4 in the last few years, from before Trident became the rendering engine.


MindForge | Mobile Dev | Columbus, OH | Full-Time, ONSITE

We are MindForge, a division of the International Risk Management Institute. We create and publish interactive training that aims to give construction workers the mental tools they need to survive the day to day hazards they encounter on job sites. We are creatives, game designers, directors, producers, safety experts and developers on a mission to save lives.

We are looking for an experienced mobile developer who can drive the development of both Android and iOS native applications for our platform. Ideally this means you have applications published in both stores.

Drop me a note to jack.u@irmi.com

