Thick Client Application Security

Web, mobile and desktop applications capture and hold sensitive corporate and customer data, and they are highly exposed: 80% of cyberattacks occur at the application layer. Until recently, applications were viewed as low risk because they were largely internal, so securing the infrastructure took priority. Today applications are open to the world. Under pressure to release quickly, the security checks needed to manage applications and systems in depth are often incomplete. Add a lack of security training among developers who are focused on functionality, and it is clear that a more proactive approach to security is required. To deliver a user experience that is both positive and secure, organizations need to integrate security testing into their application development lifecycle.

Thick client applications differ in nature from web applications, so automated vulnerability scanning alone does not produce adequate results. Penetration testing thick clients requires expert manual testing skills and a thoughtful, methodical approach. A typical assessment plan covers these main areas:

  • Analysis of the configuration
  • Analysis of the installation packages and system utilities/data
  • Communication analysis
  • Server security testing
  • Client security testing
  • Static testing
  • Dynamic testing
  • System testing

Phase 1
Scoping and Mapping

Create and agree on a business process model of the application. Scoping defines and limits which systems, documents and data are in bounds, and maps out the areas to be covered in the later phases. This process involves a brief meeting with the client to review and acknowledge the penetration testing rules of engagement, confirm project scope and testing timeline, identify specific testing objectives, document any testing limitations or restrictions, and answer any questions related to the project.

Phase 2
Information Gathering & Enumeration

This step provides the tester with information that can be used to identify and exploit vulnerabilities in the thick client and the services it talks to. The goal of this phase is to collect any sensitive information that may help during the following phases of testing, which could include application technologies, usernames, version information, hardcoded credentials, keys or endpoints embedded in binaries and configuration files, etc.
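
As an added illustration of this phase (example code written for this page, not the tool described below or any vendor product), the following Python script enumerates hardcoded credentials, keys and internal endpoints in a thick client's install directory. It extracts printable strings from each file the way the `strings` utility does and matches them against a small pattern set; the pattern names, the scan_install() function and the sample install tree it builds in a temporary directory are all this example's own constructions.

```python
"""Added example for the information gathering phase. It is not the page's or
any vendor's tool; PATTERNS, scan_install() and the sample install tree are this
example's own constructions. It pulls printable strings out of files the way the
`strings` utility does and matches them against patterns for credentials, keys
and internal endpoints."""
import os
import re
import tempfile

# Starter patterns; a real engagement extends this list per target.
PATTERNS = {
    "connection_string": re.compile(
        rb"(?i)(Server|Data Source)=[^;\s\"]+;.*?(Password|Pwd)=[^;\s\"]+"),
    "password_assignment": re.compile(
        rb"(?i)\b(password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\";]{4,})"),
    "aws_access_key": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(rb"-----BEGIN (RSA |EC )?PRIVATE KEY-----"),
    "internal_endpoint": re.compile(
        rb"https?://[A-Za-z0-9.\-]+(?::\d+)?/[A-Za-z0-9./_\-]*"),
}


def extract_strings(data: bytes, min_len: int = 6):
    """Return runs of at least min_len printable ASCII bytes, like `strings`."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def scan_file(path):
    """Yield (pattern name, matched text) for each hit in one file.
    Binaries and text configs are handled the same way: strings first, then patterns."""
    with open(path, "rb") as f:
        data = f.read()
    for s in extract_strings(data):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(s):
                yield name, m.group(0).decode("ascii")


def scan_install(root):
    """Walk an install directory; return sorted (relative path, pattern, match) triples."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            for name, text in scan_file(full):
                findings.append((rel, name, text))
    return sorted(findings)


def build_sample_install():
    """Constructed sample install tree (not a real product) in a temp dir: a
    config file with a plaintext connection string and a fake binary with an
    embedded endpoint and API key between non-printable filler bytes."""
    root = tempfile.mkdtemp(prefix="thick_client_")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "app.config"), "wb") as f:
        f.write(b'<add name="Main" connectionString="Server=db01;Database=crm;'
                b'User Id=app;Password=Summer2024!"/>\n')
    with open(os.path.join(root, "bin", "client.exe"), "wb") as f:
        f.write(b"MZ\x90\x00" + bytes(range(1, 32)) * 8)   # filler, no printable runs
        f.write(b"https://api.internal.example/v1/sync\x00")
        f.write(b"\x00" * 64)
        f.write(b"api_key=AKIAIOSFODNN7EXAMPLE\x00")
        f.write(bytes(range(128, 256)) * 2)
    return root


if __name__ == "__main__":
    root = build_sample_install()
    for rel, name, text in scan_install(root):
        print(f"{rel}: {name}: {text}")
```

Every hit is a lead to verify by hand: a connection string in a config file next to the binary is usually readable by any local user, and an endpoint pulled out of the executable tells you where to point the interception work in later phases.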

Phase 3
Scanning

We use a proprietary tool to find common issues in the thick client software. The tool also enumerates the thick client’s network communication, interprocess communication, operating system interactions, and more for our experts to analyze.

Phase 4
Vulnerability Assessment & Identification

The vulnerability analysis phase encompasses the enumeration of all in-scope targets and applications at both the network layer and the application layer. Our experts analyze the thick client's configuration, identifying default configuration problems and ways the application could be reconfigured to bypass security controls (for example, a client-side setting that turns off certificate validation or enables a debug mode). Many thick client attacks go through the client's communication with remote services. When this is the case, we intercept and analyze network communication in depth and reverse engineer custom protocols when needed.

Phase 5
Exploitation

This phase takes all potential vulnerabilities identified in the previous phases of the assessment and attempts to exploit them as an attacker would. This includes business logic flaws, authentication and authorization bypasses, insecure direct object references, parameter tampering, and session management weaknesses. Most thick clients access some server-side functionality, and a successful exploit of a vulnerability in server-side code can affect all thick clients or central data stores, so we analyze the server software with manual and automated tools during this phase as well. Client-side activities may include dumping process memory to recover secrets, testing IPC channels that may permit privilege escalation, fuzzing file inputs, and in-depth reverse engineering.
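
The file-input fuzzing mentioned above, as an added example written for this page (not the page's or any vendor's tool): a mutation-based fuzzer that derives inputs from a seed file and records crashes. The TCF1 record format, parse_records(), mutate() and the harness functions are this example's own constructions; the in-process parser stands in for a thick client's file loader, and run_target_process() shows the same loop around an external binary.

```python
"""Added example for the exploitation phase. It is not the page's or any
vendor's tool; the toy TCF1 record format, parse_records() and the mutation
strategy are this example's own constructions. mutate() derives inputs from a
seed file, fuzz_in_process() drives a parser and records unhandled exceptions,
and run_target_process() wraps an external binary the same way, treating death
by signal or a hang as a finding."""
import os
import random
import struct
import subprocess
import tempfile

MAGIC = b"TCF1"
INTERESTING_U32 = [0, 1, 0x7fffffff, 0x80000000, 0xffffffff]


def build_seed() -> bytes:
    """Constructed valid seed: magic, u32 record count, then (u32 len, payload) records."""
    payloads = [b"user=alice", b"role=viewer", b"\x00\x01\x02\x03"]
    body = b"".join(struct.pack("<I", len(p)) + p for p in payloads)
    return MAGIC + struct.pack("<I", len(payloads)) + body


def parse_records(data: bytes):
    """Toy parser that, like many real ones, trusts its length fields. A tampered
    count or length makes it read past the buffer: struct.error here, an
    out-of-bounds read in native code. Bad magic is rejected gracefully."""
    if data[:4] != MAGIC:
        return None
    (count,) = struct.unpack_from("<I", data, 4)
    off, records = 8, []
    for _ in range(count):
        (n,) = struct.unpack_from("<I", data, off)
        records.append(bytes(data[off + 4:off + 4 + n]))
        off += 4 + n
    return records


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random mutations to a copy of the seed (never shrinks it)."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(4)
        if choice == 0:                              # flip one bit
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif choice == 1:                            # write a boundary byte
            i = rng.randrange(len(data))
            data[i] = rng.choice([0x00, 0x7f, 0x80, 0xff])
        elif choice == 2 and len(data) >= 4:         # overwrite a 32-bit field, aligned or not
            i = rng.randrange(len(data) - 3)
            data[i:i + 4] = struct.pack("<I", rng.choice(INTERESTING_U32))
        else:                                        # duplicate a block, shifting what follows
            a = rng.randrange(len(data))
            b = min(len(data), a + rng.randint(1, 16))
            data[a:a] = data[a:b]
    return bytes(data)


def fuzz_in_process(seed: bytes, target, iterations: int = 300, rng_seed: int = 1337):
    """Feed mutants to an in-process target. Any unhandled exception is a
    finding; returns {"module.ExceptionName": first mutant that triggered it}."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        mutant = mutate(seed, rng)
        try:
            target(mutant)
        except Exception as exc:
            key = f"{type(exc).__module__}.{type(exc).__name__}"
            findings.setdefault(key, mutant)
    return findings


def run_target_process(cmd, mutant: bytes, timeout: float = 5.0):
    """Write the mutant to a temp file and run `cmd <file>`. Returns None for a
    clean exit, "hang" on timeout, or "signal N" when the process was killed by
    a signal (POSIX negative return code; SIGSEGV is 11, SIGABRT is 6)."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(mutant)
        try:
            proc = subprocess.run(list(cmd) + [path], capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return "hang"
        return f"signal {-proc.returncode}" if proc.returncode < 0 else None
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, mutant in fuzz_in_process(build_seed(), parse_records).items():
        print(f"{key}: {mutant.hex()}")
```

Run stand-alone it reports the first mutant per exception type. Against a native file loader, replace the in-process target with a call to run_target_process(), keep every mutant that dies by signal or hangs, and triage each crashing input in a debugger; the length-field tampering in mutate() is the mutation that most often turns a trusted size into an out-of-bounds read.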

Phase 6
Post Exploitation

Post exploitation covers the activity that follows a successful compromise. The value of a compromised system is measured by the data it stores and by what an attacker can reach from it. If successful exploitation of an in-scope application, database, or API server is achieved, analysis continues with infrastructure analysis, pivoting, sensitive data identification, data exfiltration within the agreed rules of engagement, and identification of high-value targets and data. The information collected here feeds the prioritization and criticality ranking of the identified vulnerabilities.

Phase 7
Reporting

We provide a report of findings, which gives a detailed view of the critical, high, medium and low-priority risks, along with appropriate recommendations. Each vulnerability is risk rated and described in technical detail for technical staff, with a proof of concept included to support each finding.
