Thick client pen-testing covers applications that involve both local and server-side processing and often use proprietary protocols for communication.
Simple automated assessment scanning is not sufficient, and testing thick client applications requires a lot of patience and a methodical approach. Moreover, the process often requires specialized tools and a custom testing setup.
Thick client testing can be exciting for pentesters because the attack surface of these applications can be significant. Unlike in web application or infrastructure pentests, application security testing service providers have a more notable success rate because the client is available locally and, hence, critical vulnerabilities may be found during the engagements.
Thick client applications are generally more complicated and customized than web or mobile applications, so they need a specific approach when it comes to a penetration test.
This information, combined with a list of your business risks, gives us a blueprint for testing your thick client software.
Your thick client applications can contain your organization’s intellectual property, so you want them to be resistant to reverse engineering and modification. Without expert analysis of binary hardening mechanisms, you won’t know how easily an attacker can reverse engineer or modify your client-side code. We offer the best cyber security services and have experience testing obfuscated and hardened applications, breaking security controls such as white-box cryptography, and more.