
Thick Client Applications

Thick or compiled applications are popular in enterprises for internal operations. Legacy thick client applications could have inherent problems waiting to be discovered, or rather exploited.


Overview

The main goal of an application assessment is to uncover vulnerabilities, to show a practical situation where these flaws can be exploited, and to provide recommendations for mitigating the risks identified. Most of the time, application assessments are driven by one or both of these objectives: to obtain unauthorised access and/or to gain unauthorised access to sensitive information.

Why do you need Thick Client Applications?

Thick client applications mainly involve processing information on both the server side and the client side. Legacy applications are known to use proprietary protocols for communication on the wire. Often these protocols are either designed specially for the thick client or implemented off the shelf. A traditional penetration testing approach won't work to identify vulnerabilities in such applications. A customised approach is required.

Methodology

Tampering and Reverse Engineering

Reverse engineering a mobile app is the process of analyzing the compiled app to extract information about its source code. The goal of reverse engineering is to comprehend the code.

Process Monitoring

Thick client applications are often known to access the client-side environment, namely the filesystem and the registry. Sensitive data could be written to these locations for the application to use at runtime. Process monitoring tools give insight into the activities performed, so that these resources can be accessed for further review.

Communication Protocol Assessment

The communication channel used by the thick client application needs to be intercepted. This is essential to find out which servers the application communicates with during the execution phase. This information will be useful during the assessment of the server itself.

Reconnaissance and Intelligence Gathering

The first step of reconnaissance activity includes passively identifying the hosts and services visible on the Internet. This includes a limited Open Source Intelligence phase. During red teaming or related offensive security projects, this exercise involves extensive information gathering about a customer's people, processes and technology in use. Research-based threat intelligence is an integral part of any offensive exercise.

Overall, this phase aims to harvest as much information as possible about your organisation for use in later phases.

When was the last time you tested your internal legacy thick client application?

Why Defendza?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits


Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star. They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company
