Thick Client Assessment

What is a Thick Client?

A thick client is an application client that processes some data locally in addition to rendering it. Examples of thick client applications are applications written in VB, Java or VB.NET that communicate with a database.

Why Assess your Thick Client?

Attackers can exploit a thick client application, which may lead to sensitive data leakage, viewing of unauthorized information, man-in-the-middle (MITM) attacks, remote code execution (RCE) on the database server, retrieval of database credentials, or retrieval of user credentials.

Since some thick client applications ship with custom DLLs, an attacker may also be able to achieve privilege escalation and/or code execution.

Thick Client Application Vulnerabilities:

The following are the most frequently found vulnerabilities in a thick client application:

  1. Unvalidated Input
  2. Broken Access Control
  3. Weak Authentication and Session Management
  4. Buffer Overflows
  5. DLL Hijacking
  6. Injection Flaws
  7. Insecure Storage
  8. Insecure Configuration Management
  9. Insecure Binary Compilation

Thick Client Security Checklist:

The primary purpose of a Thick Client (TC) is to interact with a web server or a database. Communication with a server or database may be over HTTP/HTTPS or over custom protocols. The DTS team uses multiple standard and custom tools for thick client assessment. Primary checks are conducted for the following:

  1. Client to DB data traffic analysis
  2. Client to DB data traffic encryption checks
  3. Client to DB data manipulation checks
  4. Custom client DLL checks
  5. Client Session Management Checks
  6. Client Credential Management Checks
  7. Client Access Control Checks
  8. Forced URL access via browser
  9. Error/Exception Handling
  10. Log file tampering analysis
  11. Sensitive data exfiltration from disk & memory
  12. Configuration files analysis
  13. Reverse Engineering
  14. Sensitive data leakage in the binary strings
DTS Thick Client Assessment