Thick Client Application Security

Thick client applications are an integral part of an organization’s application landscape. Their ability to execute complex calculations, their enriched GUI with customizable fonts and menus, and their fast, network-independent processing offer thick client application users a superior experience.

While a thick client’s browser-independent processes make it less vulnerable to browser-related risks, it is susceptible to other hazards such as injection attacks, variable and response manipulation, denial of service (DoS), insecure data storage, reverse engineering, disclosure of sensitive data, and improper access control, error handling, and session management.

No matter what type of threat your thick client applications face, Excedor has the optimal solution to discover and counteract it. 

Our 3-step methodology to test thick client applications developed on two-tier and three-tier architectures comprises the following consecutive phases: interception, local storage and memory testing, and decompiling and reverse engineering.

The tools we use depend on whether the thick client is proxy-aware or proxy-unaware. To test proxy-aware thick clients, the tools we use include Burp Suite and Charles Proxy. To test the more complex proxy-unaware thick clients, where there is no option to set up a proxy server, we use tools that intercept HTTP requests or responses and tools that interact with the thick client application process, for example Echo Mirage, or JavaSnoop to intercept requests from Java applications.
