Thick client applications are those in which most of the operations and information processing occurs on the client side, regardless of whether they are connected to a network or not. In organizations, security testing tends to be primarily oriented towards mobile and web applications (‘thin clients’), sometimes overlooking the security weaknesses or vulnerabilities that thick clients may possess (e.g., injection, memory corruption, cryptographic issues). These vulnerabilities could affect both client-side and server-side systems.
At Fluid Attacks, we can also help you detect vulnerabilities in your thick client applications. During the first steps of an application’s assessment, we identify the technologies used, the functions and processes it carries out, and the security mechanisms employed. Then, we take into account risks and potential attack vectors and employ testing techniques, such as SAST, DAST, and SCA, mixing automation and manual operation, as well as more complicated procedures such as Pentesting. We intend to evaluate configurations and processes of interaction and communication in networks, making sure to analyze both client and server-side software.