Thick Client Security Testing - Short Tutorial

A thick client is a desktop application that must be installed on the user's machine before it can be used. Thick client applications can be developed in Java, .NET, C/C++, etc.

A thick client may follow a two-tier or a three-tier architecture. In a two-tier architecture, the thick client accesses the back-end database directly via the internet. In a three-tier architecture, the thick client accesses the back-end database through an application server. Some thick client applications use proprietary protocols for communication. Examples of thick clients are video editing software, video conferencing software, MS Office, MS Outlook, etc.

In this article, we will look at the procedure to follow, the common vulnerabilities, and the tools used for assessing the security of thick client applications.

Procedure to be followed

(1) Information Gathering

Gather as much information as you can about the thick client application, such as:

  • Application architecture (whether it is two-tier or three-tier)
  • Programming language/frameworks used for development
  • Understand the authentication used in the application
  • Understand the authorization model of the application
  • Understand the business logic of the application
  • Understand the network communication used by the application

(2) Test cases to be performed (including but not limited to)

  • Test the application for sensitive information
  • Test Injection vulnerabilities
  • Test Authorization issues
  • Test error messages on failures
  • Test for disabled functionalities
  • Test for Encryption keys
  • Test log files for secrets
  • Check code obfuscation
  • Test for read/write access to the Registry

Vulnerabilities in Thick Client Application

  1. Injection - SQL injection, command injection, LDAP injection
  2. Buffer Overflow
  3. Insecure Communication (TLS/SSL vulnerabilities)
  4. Business Logic Vulnerabilities (e.g. forgot password)
  5. Improper Error Handling
  6. Sensitive Information Disclosure - Hardcoded Encryption Data, Hardcoded Encrypted Password
  7. No Code Obfuscation
  8. Broken authentication and session management
  9. Weak storage of passwords on the server side
  10. Insufficient logging and monitoring
  11. Security Misconfiguration
  12. Configuration files in cleartext
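As an added example that is not part of the original article, a small Python scanner for the "sensitive information", "encryption keys", "log files for secrets" and "configuration files in cleartext" test cases above: it walks a thick client's installation directory and flags cleartext credentials, database connection strings, tokens leaked into logs and embedded private keys. The install layout, file names and sample contents are constructed for the demonstration, and the regex list is a starting point rather than a complete catalogue.

```python
import os
import re
import tempfile

# Findings a reviewer flags in an install directory: cleartext credentials,
# connection strings, tokens leaked into logs, embedded private key material.
SECRET_PATTERNS = {
    "cleartext password": re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+"),
    "connection string": re.compile(r"(?i)\bData Source=.*?(User ID|Uid)="),
    "api key / token": re.compile(r"(?i)\b(api[_-]?key|token|secret)\s*[=:]\s*[\w+/=.-]{12,}"),
    "private key block": re.compile(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----"),
}
# Configuration, log and key-material files are where such findings usually live.
REVIEW_EXTENSIONS = {".config", ".ini", ".xml", ".json", ".properties", ".log", ".pem", ".key"}

def scan_install_dir(root):
    """Walk an install directory; returns {relative/path: [(line_no, finding, line)]}."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fname in filenames:
            if os.path.splitext(fname)[1].lower() not in REVIEW_EXTENSIONS:
                continue
            full = os.path.join(dirpath, fname)
            with open(full, encoding="utf-8", errors="ignore") as fh:
                hits = [(n, kind, line.strip()) for n, line in enumerate(fh, 1)
                        for kind, pat in SECRET_PATTERNS.items() if pat.search(line)]
            if hits:  # keys use forward slashes so reports look the same on every OS
                results[os.path.relpath(full, root).replace(os.sep, "/")] = hits
    return results

def build_sample_install():
    """Constructed sample install directory of a hypothetical two-tier CRM client."""
    root = tempfile.mkdtemp(prefix="thickclient_")
    os.makedirs(os.path.join(root, "keys"))
    samples = {  # constructed contents, not taken from any real product
        "app.config": '<add name="crm" connectionString="Data Source=db01;Initial Catalog=crm;'
                      'User ID=app;Password=P@ssw0rd!" />\n<add key="Theme" value="dark" />\n',
        "client.log": "09:12:33 INFO  login ok user=alice\n"
                      "09:12:35 DEBUG auth token=eyJhbGciOiJIUzI1NiJ9.c29tZXRoaW5n\n",
        "keys/client.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIBconstructedplaceholder\n"
                           "-----END RSA PRIVATE KEY-----\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

def run_demo():
    """Build the sample install and scan it; the result maps files to their findings."""
    return scan_install_dir(build_sample_install())
```

Run `run_demo()` and print the returned dictionary to see which file and line each finding came from; the same `scan_install_dir()` call works on a real installation folder.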

Tools used:

  1. Wireshark - network analysis tool
  2. IDA Pro - static analysis tool
  3. OllyDBG - static analysis tool
  4. CFF Explorer - PE Editor
  5. Sysinternals Suite - bundle of Sysinternals utilities
  6. Detect It Easy - to determine file type
  7. PEiD - identify different signatures of PE files
  8. Ghidra - static analysis tool
  9. WinHex - memory analysis tool
  10. Metasploit - exploitation framework
  11. Burp Suite Pro - intercepting proxy tool
  12. Nmap - identify open ports
  13. sslscan - identify ssl vulnerabilities
  14. Nessus - identify outdated components of a thick client application
  15. Procmon - to monitor processes
  16. Burp Suite - to test web application security

Conclusion

This is only an introductory article to get started with the security assessment of thick client applications; it provides guidance on the methodology and the tools used for a thick client security assessment.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
