Penetration Testing

What is Thick Client Penetration Testing?

A Thick Client (a.k.a. Fat Client) is a client–server architecture or network and typically provides rich functionality, independent of the server. In these types of applications, the major processing is done on the client side.

Thick Client Penetration Testing (a.k.a. Thick Client Pentest, Thick Client VAPT, Thick Client Pen Testing) identifies exploitable vulnerabilities on both the local and server-side. The attack surface is larger and requires a different approach from web application penetration testing. Such process often requires specialized tools and custom testing setup.

softScheck is a CREST accredited Penetration Testing provider.

Two Common Architectures
For Thick Client

The two common architectures for thick client are two-tier architecture and three-tier architecture.

Two-Tier Architecture

A two-tier architecture is where the application implements a client-to-server communication. The application is installed on the client computer and directly communicate with a database server.

Three-Tier Architecture

A three-tier architecture is where the applications talks to the application server via a communication protocol such as HTTP/HTTPS. This has a slight security advantage over the two-tier architecture because it prevents the end-user from communicating directly with the database server

Related Penetration Testing

Objective of this assessment

Identify vulnerabilities which can compromise the system

Gain real-world compliance and technical insights

Develop strong authentication and access controls

Approach & Methodology

The Thick Client Penetration testing methodology is based upon industry standards, including but not limited to OWASP Windows Binary Executable Files Security Checks Project

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Penetration Testing

What is Thick Client Penetration Testing?

Two Common Architectures
For Thick Client

Two-Tier Architecture

Three-Tier Architecture

Related Penetration Testing

Network

Thick Client Application

Web Application

White Box Penetration Testing

Wireless

Objective of this assessment

Approach & Methodology

Information Gathering

Client Side Attacks, Network Side Attacks, Server Side Attacks

Reporting

Subscribe to Our E-Newsletter

Let’s Connect

Contact Us For A Quote Today

Let’s Connect

Contact Us For A Quote Today

Penetration Testing

What is Thick Client Penetration Testing?

Two Common Architectures For Thick Client

Two-Tier Architecture

Three-Tier Architecture

Related Penetration Testing

Network

Thick Client Application

Web Application

White Box Penetration Testing

Wireless

Objective of this assessment

Approach & Methodology

Information Gathering

Client Side Attacks, Network Side Attacks, Server Side Attacks

Reporting

Subscribe to Our E-Newsletter

Let’s Connect

Contact Us For A Quote Today

Let’s Connect

Contact Us For A Quote Today

Two Common Architectures
For Thick Client