Thick client application

Severine

What is the best way to do security testing for a thick client application?

Find more posts tagged with

cybersecurity

penetration testing provider

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

SteveLavoie

It all depend on the situation, are you the dev of the application, or you took it on the internet and want to test it?

I am not an expert.. but what you can do at least is:

Capture network traffic while using the application
Use Process monitor and see which file, reg key and so on is created, read, or modified

Then you can also decompile/look at the code and so on, but it is more a dev job.

JDMurray

Are we doing your homework?

Severine

Thanks, Steve for your reply.

I have read that Thick client applications are more complicated and customized as compared to other web or mobile applications, due to which it is not easy to detect the vulnerabilities in them, and also the penetration testing approach for thick client applications is very different. Therefore, I was curious to know how to do security testing for a thick client application.

SteveLavoie

JDMurray said:

Are we doing your homework?

Maybe