fbpx

Discover the Critical Vulnerabilities in Your Thick Client Application

MOBILE APPS RISK FACTOR

Thick client applications are also known as desktop applications.

Simple automated assessment scanning is not sufficient and testing thick client application requires pentesting that involves both local and server-side processing and often uses proprietary protocols for communication.

Thick client applications are fully functional even if they are not connected to the Internet and it works as “client” only when it is connected to the internet.

As a server can provide thick-client with files that are not even installed on the local machine which makes such applications extremely volatile targets for attackers.

APPROACH

Our Approach

Certbar’s team aims to follow a security checklist and a number of tools when assessing the security of Windows executable files to achieve better pentest results. Thick client applications pentesting in highly volatile and we follow an overarching methodology that also includes all the relevant and up-to-date knowledge on the subject.

Thick client applications can be developed using various programming languages such as .Net, Java, C/C++, Microsoft Silverlight and more.

Starting Checks (Information Gathering)

01.

Static Tools
CFF Explorer, PEid, Detect It Easy (DIE), Strings, etc.

02.

De-Obfuscators or Decompilers Tools
dnSpy, ILSpy, JetBrains DotPeek, de4dot, NeonFuscator-Deobfuscator, etc.

03.

Network Sniffers
Wireshark, TCPView, SmartSniff, tcpdump, Microsoft Network Monitor 3.4, etc.

04.

Proxy Tools
Burp Suite, Fiddler, Echo Mirage, Charles Web Debugging Proxy, etc.

Methodology

Our holistic thick client penetration testing methodology is best equipped to discover security vulnerabilities along with finding business logic vulnerabilities with our tailor designed security checklists based on industry standards, including OWASP Top Ten, PCI Compliance, and NIST 800-53.

Application Scoping

Mapping & Service Identification

Hardcoded Sensitive Information in Code

Hardcoded Sensitive Information in Code

Application Scanning

Application Scanning

Vulnerability Identification

Post Exploitation

DLL Hijacking

Lack of Code Obfuscation

Take control of your cyber security, choose our ultimate protection

Experience unbeatable cyber security with Certbar Security 
Contact us today to learn more

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Register With:

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Surat

Certbar Security

Contact

Office No.

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Register With:

© 2016-[year], Certbar Security. All rights reserved.

© 2016-[year], Certbar Security. All rights reserved.

Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Join As:
Interested In Batch:
I agree to bring my own laptop
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.