The United States Computer Emergency Readiness Team (US-CERT) normally puts out alerts about security failures in individual software systems, but this time decided to publish an article about Man-In-The-Middle (MITM) attacks in general and four existing mitigation strategies.
After a brief introduction to MITM attacks, it recommends that developers and software managers look at four technologies: TLSĀ 1.1 or higher, certificate pinning, DNS-based Authentication of Named Entities (DANE) and network notary servers.
