Thick client applications are full-fledged applications that can work with or without a network. They have hard drives and other components that help them function independently. Thick client pen testing is a cyber security practice that scans for vulnerabilities within your thick client applications to fortify their security.
Here’s your guide to understanding why you’d require thick client pen testing.
is the selling price of a consumer account on the dark web
of black hat hackers admit privileged accounts are their number one way to hack systems
of folders are protected by companies.
of ATMs are vulnerable to hacker attacks.
The thick client pentesting approach needs the following comprehensive steps:
Thick client applications have the resources to function without being connected to a network. However, such an application behaves as a client only when it is connected to a server. There might be some files and programs the thick client application needs to access that are not stored on the system. Connecting to a server helps the application access those programs and files.
Some common examples of thick client applications are:
There are two common types of architecture for thick client applications:
Along with the application architecture, there are other things to identify before testing the thick client application. You need to understand the full functionality of the application, including the languages and frameworks it is based on. If there are multiple users, then you should navigate through all the UI elements. Every user has different levels of permissions and access, so there are unique functionalities you need to discover. Some users might have access to administrative actions while others may not.
Languages like .NET, Java, C/C++, and Microsoft Silverlight are typically used to build thick client applications. Knowing which language the application is built on is necessary as well. You can use some specific tools for this task such as:
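To illustrate what identifying the underlying language involves, here is an added Python example (not from the original page, and not one of the tools it refers to) that classifies a binary as .NET, native C/C++ or Java by reading its file headers. The function names `identify_runtime` and `build_sample_pe` are hypothetical, and the sample PE images are constructed header-only inputs.

```python
import io
import struct
import zipfile

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: populated only in managed (.NET) images

def identify_runtime(data: bytes) -> str:
    """Classify a binary as java-class, java-jar, dotnet-pe, native-pe or unknown."""
    try:
        if data[:4] == b"\xca\xfe\xba\xbe":
            # Fat Mach-O shares this magic; a Java class has major version >= 45 at offset 6.
            return "java-class" if struct.unpack_from(">H", data, 6)[0] >= 45 else "unknown"
        if data[:4] == b"PK\x03\x04":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "java-jar" if "META-INF/MANIFEST.MF" in zf.namelist() else "unknown"
        if data[:2] != b"MZ":
            return "unknown"
        pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return "unknown"
        opt = pe + 24                                          # signature (4) + COFF header (20)
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):
            return "unknown"
        dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+ layout
        count = struct.unpack_from("<I", data, dirs - 4)[0]    # NumberOfRvaAndSizes
        if count > CLR_DIR_INDEX:
            rva, size = struct.unpack_from("<II", data, dirs + CLR_DIR_INDEX * 8)
            if rva and size:
                return "dotnet-pe"
        return "native-pe"
    except (struct.error, zipfile.BadZipFile):
        return "unknown"   # truncated or malformed input

def build_sample_pe(managed: bool, pe32plus: bool = False) -> bytes:
    """Constructed header-only PE image for the demo; not a runnable program."""
    dirs = 112 if pe32plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dirs - 4, 16)
    if managed:
        struct.pack_into("<II", opt, dirs + CLR_DIR_INDEX * 8, 0x2008, 0x48)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, len(opt), 0x2)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, blob in [("managed", build_sample_pe(True)), ("native", build_sample_pe(False, True))]:
        print(name, "->", identify_runtime(blob))
```

The result tells you which class of follow-up tooling applies: managed images and Java archives can be decompiled close to source, while native images need a disassembler.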
For thick client penetration testing, there are two key methods:
Penetration testing for thick client applications needs quite a comprehensive approach. It mainly includes the following processes:
Along with all this, there are 5 tracks of analysis in thick client pentesting: