Thick client application testing is critical in protecting your business from cyber threats. At Salus, we simulate the attacks commonly used by malicious actors against locally installed software applications to identify vulnerabilities. Our testing methodology involves checking that your thick client application is protected against the vulnerability classes set out in standards such as the OWASP Top 10. The outcome of testing is a set of actionable remediations to guide your organisation on what can be done to protect itself from malicious actors.
Here’s an overview of our thick client application testing process:
- Preparation: One of our highly skilled consultants will work with you to prepare for the start of testing. This involves agreeing the most suitable testing method, such as providing a link to the thick client application to be tested or granting remote access to a device with the application installed. Either method requires agreeing on the best way to get the consultant's tools onto the environment.
- Testing: In this phase our consultants use their skills to identify vulnerabilities within your thick client applications, following methodologies that incorporate standards such as the OWASP Top 10.
- Static Analysis: Where possible, we use static analysis tools to analyse the application’s source code to identify potential security vulnerabilities. This process helps identify coding issues, such as unescaped user input in SQL queries.
- Dynamic Analysis: We use dynamic analysis tools to test the running application and identify potential security vulnerabilities. This process involves monitoring the application's behaviour, its interactions with the operating system, its network communication, and its use of memory. Issues that could be identified during this stage include sensitive data being stored in, and recoverable from, memory.
- Network Analysis: We analyse the network traffic generated by the application to identify any potential security vulnerabilities. This stage of the assessment focuses on the protections implemented around data in transit. An example of an issue that could be raised during this stage would be the use of deprecated encryption methods.
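As an added illustration of the static analysis stage above (example code written for this page, not Salus tooling or a client's application), the snippet below shows the "unescaped user input in an SQL query" coding issue beside its remediated form, and a minimal static check that flags the concatenation pattern. The in-memory SQLite database, the `users` table and the sample source lines are all constructed for the example.

```python
import re
import sqlite3

# Constructed stand-in for a thick client's local database (not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_unsafe(conn, username):
    # Unescaped input concatenated into the statement: the coding issue the static stage flags.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    # Remediation: a parameterised query; the driver binds the value as data only.
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()

# Minimal static check: an SQL string literal immediately followed by '+' (string concatenation).
SQL_CONCAT = re.compile(r"""["'](?:SELECT|INSERT|UPDATE|DELETE)\b.*?["']\s*\+""", re.IGNORECASE)

def flag_concatenated_sql(source_lines):
    """Return 1-based line numbers whose SQL literal is built by concatenation."""
    return [n for n, line in enumerate(source_lines, 1) if SQL_CONCAT.search(line)]

# Constructed source snippet for the static check (hypothetical thick-client code).
SAMPLE_SOURCE = [
    'query = "SELECT id FROM orders WHERE customer = \'" + name + "\'"',
    'cur.execute("SELECT id FROM orders WHERE customer = ?", (name,))',
    'log("SELECT done")',
]

def demo():
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input; the quote ends the literal in the unsafe version
    return {
        "unsafe_benign": lookup_unsafe(conn, "bob"),
        "unsafe_crafted": lookup_unsafe(conn, crafted),   # returns every row: the finding
        "safe_benign": lookup_safe(conn, "bob"),
        "safe_crafted": lookup_safe(conn, crafted),       # returns nothing: input stayed data
        "flagged_lines": flag_concatenated_sql(SAMPLE_SOURCE),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```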