Thick Client Application Security Testing
Thick client applications are any that are installed locally on a user's desktop/laptop. These applications are full-featured and can run independently without being connected to the Internet, unlike web applications, which need to be connected to the Internet all the time. Some examples of thick client applications are:
Thick client applications come in two flavors:
Thick clients are generally easier to test, as they usually don’t have complex business logic and processing capabilities compared to web applications. This table illustrates the difference in vulnerabilities that are applicable to web applications vs. thick clients.
Other vulnerabilities include:
The OWASP Top 10 needs to be checked for any web apps that may interface with the thick client.
There are far fewer tools available for testing thick clients than web-based apps. Many tools are no longer under active development, and some have been ported to web / mobile environments.
Tools used for testing thick clients include:
These screenshots show how to configure Echo Mirage to capture traffic going to and from a thick client.
Echo Mirage Startup Screen
Identify the application intended to run
Capturing request / response
Echo Mirage configuration
This blog highlights different tools and approaches for testing a thick client application for vulnerabilities. The tools have remained the same over time, and there have been no major changes in the way thick client applications are assessed. This contrasts with web / mobile applications, where the introduction of new frameworks / technologies has given rise to new tools / methods for testing.