Thick Client Application
Penetration Testing

Security Simplified specializes in thick client application penetration testing and adopts a methodology based on the OWASP industry security standard. The assessment starts with an application overview, a walkthrough of the functionality, analysis of the communication between client and server, threat modelling and test plan development, followed by a checklist-based approach.

Security Simplified consultants understand that thick client applications are complex and often adopt their own unique architectures and protocols. We have extensive experience in performing security testing using our hybrid approach, which combines both dynamic and static application analysis techniques.

Our methodology and test cases are derived from the following standards:

  • Open Web Application Security Project (OWASP)
  • Open Source Security Testing Methodology Manual (OSSTMM)

Our Methodology

  • Walkthrough of application functionality
  • Study of the application authentication and authorization mechanism
  • Test plan development
  • Reverse engineering
  • Local data analysis for sensitive data, use of dangerous functions, etc.
  • Interception and manipulation of the data
  • Guided by the OWASP Top 10
  • Privilege escalation and exploitation
  • Infrastructure scanning
  • Executive summary
  • Finding description, severity rating, impact and recommendation
  • Report based on industry standards

Sample List of Checks

  • Reverse engineering local binary files and performing static analysis
  • Input validation
  • File upload testing
  • Broken authentication and session management
  • Logging and monitoring
  • Direct communication with the server and vulnerability scanning
  • Use of ASLR/DEP

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting and risk rating matrix based on OWASP standards

Want to work with us?

Do you need help finding information or want to know more about what Security Simplified services can do for you?

CONTACT US

Copyright © 2022 Security Simplified Limited