Thick Client Penetration Testing Checklist

Thick clients are the applications that must be installed on desktops/laptops or servers. These applications can be run on the internet or without the internet. The most common example of a thick client is the installer Skype installed on the desktop/laptop. Other examples of Thick Client are Firefox, Chrome, Microsoft Teams, Zoom, etc.

Thin clients are web applications that are running on the web browser. Generally, these web applications need an internet connection for proper functioning. The most common example is our website https://allabouttesting.org. This website needs an internet connection to fetch different blogs.

This blog provides you with a checklist to test Thick Client Applications for security. Click Here to learn more about the Architecture of Thick Client and how to perform security testing.

Development Languages of Thick Client

• Dot Net
• Java
• C/C++
• Microsoft Silverlight

Common Tools for Thick Client Security

• CFF Explorer
• Echo Mirage
• Sysinternals Suite
• Mallory
• Wireshark - Network Protocol Analyzer
• Nmap - Port Scanning Tool
• tcpdump - Command Line tool. Similar to Wireshark.
• Procmon
• Detect It Easy
• sigcheck64.exe
• Java Snoop
• Ollydbg
• Burpsuite - Web Application Scanner
• IDA Pro
• Metasploit
• Winhex
• Testssl - Identify vulnerabilities in wireless communication
• dnspy
• Echo Mirage - Captures non-HTTP

Common Vulnerabilities Found in Thick Client

Vulnerability	Explanation
Sensitive data leakage	Unintended exposure of passwords, API keys, etc.
Weak encryption checks	Failing to adequately verify encryption strength
Insecure Storage	Use of weak encryption techniques in storage
EXE Hijacking	Exploiting executable files for malicious purposes
DLL Hijacking	Exploiting dynamic link libraries for attacks
Improper Error Handling	Mishandling errors leading to security risks
Injection	Unsanitized input leading to code execution
Reverse Engineering	Analyzing and understanding code for exploitation
IFEO Injection	Injecting code via Image File Execution Options
Session Management	Weaknesses in managing user sessions
Buffer Overflow	Writing beyond allocated memory, causing crashes
Insecure Compilation option	Using insecure compilation settings
SSL/TLS (communication layer vulnerabilities)	Vulnerabilities in secure communication protocols
Business Logic	Exploiting flaws in application's logic
Insecure Update Management	Exploiting flaws in the application's logic

Checklist for assessment of Thick Client

1) Information Gathering

• Identify the Application Architecture and crawl the application to gather business logic
• Platform Mapping to know architecture and infrastructure
• Try to find the protocol used in network communication
• Check for Authentication mechanisms
• Check for the Authorization mechanism

2) Use of Tools and Techniques to identify Vulnerabilities

• Test for leaking sensitive information
• Test for Address Space Layout Randomization (ASLR)
• Test for SafeSEH
• Test for Data Execution Prevention (DEP)
• Test for strong obfuscation technique
• Try to extract the original code by using of reverse engineering method
• Verify wireless communications are secure.
• Verify High entropy
• Verify for registry-related vulnerabilities (registry manipulation, read/write access of registry keys, etc.)

3) Analyze Network Traffic

• Use a network protocol analyzer
• Try to find security issues and sensitive data while date in communication

4) Test for Common Vulnerabilities

• Test for OWASP TOP 10 web vulnerabilities
• Test for OWASP TOP 10 API vulnerabilities

5) Code Review

• Use Code Scanner to scan source code for security weaknesses
• Manual Code Review to identify security flaws

Conclusion

By systematically addressing these aspects in your Thick Client Penetration Testing, you can enhance the overall security posture of the application and mitigate potential risks.