Because security testing efforts often focus on web and mobile applications, many thick client applications don’t undergo rigorous analysis. However, these applications can contain serious security problems, including memory corruption vulnerabilities, injection vulnerabilities, cryptographic weaknesses, and client-side trust issues. Such vulnerabilities can lead to a complete compromise of systems where the thick client software is installed, unauthorized access to server-side information, and more.
Thick client applications involve both local and server-side processing and often use proprietary protocols for communication. They may also contain multiple client-side components running at different trust levels. Simple, automated vulnerability assessment scanning isn’t enough. That’s why we customize each of our thick client tests to the application.