Thick Client Testcases
Location / component (column values):
- Registry
- database/application server
- Application Level
- Others
- Anywhere in the application

Impact (as stated on the sheet): An adversary can get system privileges on the Database server.
Note - Risk should be set depending upon the Impact and Likelihood of the attack. Also the criticality of the Application should be considered.
Resources - http://resources.infosecinstitute.com/application-security-testing-of-thick-client-applications/#gref
Test cases:
- Check for sensitive information stored in config files in cleartext in the application installed d
- Analyze the registry keys accessed by the application to check for sensitive details like keys, encrypted passwords etc.
- Look for sensitive information hard coded in the application source code by using simple tex
- Check whether auditing and logging is enabled. If yes, then look for sensitive data as the u
- Run a port scan on the server. Enumerate all the known services and try to gain access to the server.
- Run Wireshark/Echo Mirage and check whether there is any traffic directed towards the database (check for SQL queries in the request).
- Binary analysis - Check whether the application makes use of common exploit mitigation techniques.
Categories:
- CSV injection
- SQL Injection
- Session Management
- Authentication
- Authorization
- Input validations
- Password management
- Response Modification
- DLL Hijacking
Additional resources:
- http://resources.infosecinstitute.com/practical-thick-clien
- http://resources.infosecinstitute.com/damn-vulnerable-t

Tools:
- WinHex
- Process Hacker

Risk ratings recorded on the sheet: Medium and High.