Skip to content
Salus Cyber

Application Testing

Thick Client Application Testing

Ensure your thick client applications are compliant with regulations.

Protect your Thick Client Applications with security-driven testing, gaining valuable insight into your security posture.

Thick client application testing is critical in protecting your business from cyber threats. At Salus, we simulate attacks commonly used by malicious actors on locally installed software applications to identify vulnerabilities. Our testing methodology will involve ensuring your thick client application is protected from vulnerabilities set out in standards such as OWASP Top 10. The outcomes of testing will result in actionable remediations being provided to help guide your organisation on what can be done to protect yourself from malicious actors.

Here’s an overview of our thick client application testing process:


  • Preparation: One of our highly skilled consultants will then work with you to prepare for the start of testing. This will involve determining the best testing method, such as providing a link to the thick client application that will be tested or being granted remote access to a device with the application installed. This method will require discussing the best way to get the consultant tools onto the environment.


  • Testing: This phase of testing will involve our consultants using their skills to identify vulnerabilities within your thick client applications by following methodologies that incorporate standards such as the OWASP top 10.


  • Static Analysis: Where possible, we use static analysis tools to analyse the application’s source code to identify potential security vulnerabilities. This process helps identify coding issues, such as unescaped user input in SQL queries.


  • Dynamic Analysis: We use dynamic analysis tools to test the application in real-time to identify potential security This process involves monitoring the application’s behaviour, interactions with the operating system, network communication, and use of memory. Issues that could be identified during this testing stage include sensitive data being stored and recoverable from memory.


  • Network Analysis: We analyse the network traffic generated by the application to identify any potential security vulnerabilities. This stage of the assessment focuses on the implemented protections around data-in-transit. An example of an issue that could be raised during this assessment stage would be using deprecated encryption methods.




First Line Dark


Penetration testing of Thick Client applications can help identify vulnerabilities that could be used to compromise the underlying infrastructure that the application communicates with.


Desktop applications are commonly used in the ERP and HR space; the data in these environments frequently have regulatory requirements that they must adhere to, such as PCI DSS and the Data Protection Act. As such, this testing can assist with assuring compliance with these laws.


Ensuring that Thick Client applications are configured securely can be a time-consuming task. Salus will help by identifying the key misconfigurations and providing guidance on how to remediate them


Thick client applications commonly handle sensitive data used by your organisation. Protecting this data through appropriate standards requires proactive, regular testing to stay up to date with industry standards. We help by providing insurance that these standards have been met; if not, actionable guidance is provided to help you meet these standards.

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.

  4. Inform

    Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Request a call back