Thick Client Application Testing

Ensure your thick client applications are compliant with regulations.

Protect your Thick Client Applications with security-driven testing, gaining valuable insight into your security posture.

Thick client application testing is critical in protecting your business from cyber threats. At Salus, we simulate attacks commonly used by malicious actors on locally installed software applications to identify vulnerabilities. Our testing methodology will involve ensuring your thick client application is protected from vulnerabilities set out in standards such as OWASP Top 10. The outcomes of testing will result in actionable remediations being provided to help guide your organisation on what can be done to protect yourself from malicious actors.

Here’s an overview of our thick client application testing process:

Preparation: One of our highly skilled consultants will then work with you to prepare for the start of testing. This will involve determining the best testing method, such as providing a link to the thick client application that will be tested or being granted remote access to a device with the application installed. This method will require discussing the best way to get the consultant tools onto the environment.

Testing: This phase of testing will involve our consultants using their skills to identify vulnerabilities within your thick client applications by following methodologies that incorporate standards such as the OWASP top 10.

Static Analysis: Where possible, we use static analysis tools to analyse the application’s source code to identify potential security vulnerabilities. This process helps identify coding issues, such as unescaped user input in SQL queries.

Dynamic Analysis: We use dynamic analysis tools to test the application in real-time to identify potential security This process involves monitoring the application’s behaviour, interactions with the operating system, network communication, and use of memory. Issues that could be identified during this testing stage include sensitive data being stored and recoverable from memory.

Network Analysis: We analyse the network traffic generated by the application to identify any potential security vulnerabilities. This stage of the assessment focuses on the implemented protections around data-in-transit. An example of an issue that could be raised during this assessment stage would be using deprecated encryption methods.

IDENTIFY VULNERABILITIES

Penetration testing of Thick Client applications can help identify vulnerabilities that could be used to compromise the underlying infrastructure that the application communicates with.

REGULATORY COMPLIANCES

Desktop applications are commonly used in the ERP and HR space; the data in these environments frequently have regulatory requirements that they must adhere to, such as PCI DSS and the Data Protection Act. As such, this testing can assist with assuring compliance with these laws.

TIME CONSUMING

Ensuring that Thick Client applications are configured securely can be a time-consuming task. Salus will help by identifying the key misconfigurations and providing guidance on how to remediate them

SENSITIVE DATA

Thick client applications commonly handle sensitive data used by your organisation. Protecting this data through appropriate standards requires proactive, regular testing to stay up to date with industry standards. We help by providing insurance that these standards have been met; if not, actionable guidance is provided to help you meet these standards.

More Application Testing

How we work

Customer Journey

Identify
First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.
Understand
We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.
Test
We deliver what we promised.
Simple.
Inform
Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.
Remediate
We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.
Feedback
Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Application Testing