Options
Thick client application
Severine
Member Posts: 33 ■■■□□□□□□□
What is the best way to do security testing for a thick client application?
Comments
-
Options
SteveLavoie
Member Posts: 1,133 ■■■■■■■■■□
It all depend on the situation, are you the dev of the application, or you took it on the internet and want to test it?
I am not an expert.. but what you can do at least is:
Capture network traffic while using the application
Use Process monitor and see which file, reg key and so on is created, read, or modified
Then you can also decompile/look at the code and so on, but it is more a dev job.
-
Options
JDMurray
Admin Posts: 13,031 Admin
Are we doing your homework?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
OptionsSeverine
Member Posts: 33 ■■■□□□□□□□
Thanks, Steve for your reply.
I have read that Thick client applications are more complicated and customized as compared to other web or mobile applications, due to which it is not easy to detect the vulnerabilities in them, and also the penetration testing approach for thick client applications is very different. Therefore, I was curious to know how to do security testing for a thick client application.
