Pentesting

Thick Client Application Testing

Thick client applications are still employed for internal operations. UBUNIFU DIGITECH uses multi-vector testing to identify design and configuration weaknesses.

INDUSTRY CHALLENGE

Due to the unique nature of thick client applications, automated vulnerability assessment scanning isn’t sufficient to capture adequate results. Testing thick clients requires expert manual penetration testing skills and a thoughtful, methodical approach. A thorough application security assessment necessitates specialized tools, custom testing set-up, and shrewd hacking techniques.

SOLUTION OVERVIEW

UBUNIFU’s approach to Thick Client Assessments includes reviewing server-side controls, data communication paths, and potential client-related issues. During the course of an assessment, the UBUNIFU team will:

  1. Attempt to bypass authentication controls
  2. Review data communications functionality
  3. Review files, registry entries, and memory for sensitive information
  4. Identify potential for denial of service (DoS) attacks
  5. Search for sensitive information disclosures
  6. Decompile to source code where possible

By reviewing all of these attack vectors, we’re able to provide clients with a comprehensive understanding of the security posture of their application and how to improve it. Specific areas of our focus will include, but are not limited to:

  1. Network transmissions
  2. Data storage including files, databases, Windows registry, and the application’s executable and DLL files
  3. Failure to protect resources with strong authentication
  4. Failure to implement least privilege authorization policy
  5. Client-side injection
  6. Improper error handling
  7. Information leakage
  8. Lack of data protection in transit
  9. Insecure or unnecessary client-side cryptographic storage
  10. Failure to apply server-side controls
  11. Parameter manipulation
  12. Backdoor identification