Not every application that communicates with a server runs as a lightweight frontend in your browser. Applications that communicate with a server but execute a large number of calculations and processes on the client are called Fat Client Applications or Thick Client Applications. This includes, for instance, applets, internet-of-things devices (IoT devices) or smart home devices.
Testing Fat (Thick) Client Applications differs from testing normal web applications in a few respects. Special emphasis has to be placed on the client side and its logic. For that, the device itself or platform-specific features and properties have to be taken into account.
We can help you with:
- Analysis of network communication (HTTP, TCP, …), local files, and the behaviour of the application during installation and at runtime
- Binary analysis (decompiling the code, plus general analysis and debugging of other executable files)
- Source code analysis if the code is not available
- Storage analysis
- Extensive report with proposed measures in your desired format
See also:
Static code analysis can be a supplement or alternative to penetration testing:
Additional information:
The Big Application Security Penetration Testing FAQ for Clients provides answers to many important questions concerning the commissioning of penetration tests.
