Thick Client Security Testing - Short Tutorial

A thick client refers desktop application that requires the installation to use them. Thick client applications can be developed using Java, .Net, C/C++, etc.

A thick client may follow two-tier architecture or three-tier architecture. In two-tier architecture, the thick clients directly access the back-end database via the internet. In the three-tier architecture, the thick client access the back-end database via the application server. Sometimes thick client applications using proprietary protocols for communication. Examples of the thick clients are video editing software, video conference software, MS office, MS outlook, etc.

In this article, we will see the vulnerabilities and tools used for accessing the security of thick client applications.

Vulnerabilities in Thick Client Application

1. Injection - SQL injection, command injection, LDAP injection
2. Buffer Overflow
3. Insecure Communication (TLS/SSL vulnerabilities)
4. Business Logic Vulnerabilities (e.g. forgot password)
5. Improper Error Handling
6. Sensitive Information Disclosure - Hardcoded Encryption Data, Hardcoded Encrypted Password
7. No Code Obfuscation
8. Broken authentication and session management
9. Weak storage of password at server side
10. Insufficient logging and monitoring
11. Security Misconfiguration
12. Configuration files in cleartext

Tools used:

1. Wireshark - network analysis tool
2. IDA Pro - static analysis tool
3. OllyDBG - static analysis tool
4. Ghidra - static analysis tool
5. Winhex - memory analysis tool
6. Metasploit - exploitation framework
7. Burpsuite Pro - Intercept proxy tool
8. Nmap - identify open ports
9. sslscan - identify ssl vulnerabilities
10. Nessus - identify outdated components of a thick client application

Conclusion

This is just a introductory article to initiate assessment of thick client applications. More tutorials available on google to kickstart security testing.