Simplifying your IT-security journey.

Fat Client Security Testing

Fat clients are powerful applications outside the browser – and therefore an attractive target for attackers. With our Fat Client Security Testing, we reliably uncover the specific vulnerabilities of such systems.

In contrast to classic web applications, fat clients perform many processing tasks directly on the end device. Whether applets, IoT devices or smart home applications, they bring their own security risks. Besides the secure implementation of the client-side logic, securing the data transmission is particularly crucial. Platform- and device-specific characteristics must also be taken into account in the security assessment.

A standard web test is not sufficient here – a specialized approach is required to comprehensively and practically test fat clients.

Our Services

Offer

We offer an individual security analysis of your fat client applications. Typical test modules are:

  • Analysis of network communication: Examination of HTTP, TCP, etc., including analysis of local files and behavior during installation and runtime.
  • Binary analysis: Decompilation, debugging and evaluation of executable files.
  • Source code analysis: If available, review of the implementation with a focus on security-critical aspects.
  • Memory analysis: Identification of sensitive data and potential manipulation options.
  • Reporting: Detailed results report with clearly prioritized recommendations for action in your desired format.

Approach

Our testing approach is specifically tailored to the architecture and functionality of fat clients. We combine methods from classic app tests with binary and platform-specific analyses.

  1. Scoping & Planning: Definition of target platforms and test priorities.
  2. Runtime Analysis: Examination of communication, installation, and runtime behavior.
  3. Static Analysis: Review of code or executable files.
  4. Memory and System Tests: Analysis of data storage in memory and on data carriers.
  5. Evaluation & Reporting: Documentation of findings with practical recommendations for action.

Checkpoints

Our tests focus on the most important security aspects:

  • Securing client logic against manipulation
  • Confidentiality and integrity of network communication
  • Vulnerabilities in binary files and libraries
  • Secure storage of sensitive data locally and in memory
  • Compliance with best practices for fat clients and IoT devices
  • Traceable and prioritized result reports

Your Benefit

With our Fat Client Security Testing, you gain clarity about the specific risks of your applications and a well-founded basis for secure further development.

Our specialized analyses uncover vulnerabilities that often remain hidden with classic web tests. You benefit from a comprehensive assessment of your fat client applications, tailored to their platform, application environment and protection requirements.

  • Tailored testing approach for fat clients
  • Detection of vulnerabilities in client logic, communication and memory
  • Combination of static, dynamic and binary analysis
  • Clear recommendations for action for developers and operators
  • Improved security of IoT and smart home applications
  • Adaptation of test methods to platform and architecture
  • Detailed reporting for management and technology
  • Strengthening compliance and customer security

Björn Kirschner

Take the first step and get in touch.

mgm DeepDive

Fat clients differ fundamentally from classic web applications. While web applications primarily run in the browser and are server-centric, fat clients shift many functions to the end device. This creates new security risks that are not covered by classic web tests.

| Aspect | Web application | Fat Client |
| Runtime environment | Runs in the browser, highly standardized | Runs outside the browser, platform-specific and often proprietary |
| Data processing | Processing primarily on the server | Processing partially or predominantly on the client device |
| Attack surface | Browser, server and network | Client logic, binaries, local data storage, communication, server |
| Analysis focus | Web technologies (HTTP, HTML, JavaScript, APIs) | Binary analysis, memory checking, network protocols, client-specific logic |
| Security risks | Cross-site scripting, SQL injection, session management | Reverse engineering, manipulation of client-side logic, insecure local data, protocol abuse |
| Testing approach | Standardized web penetration tests (e.g., OWASP Top 10) | Combination of static, dynamic and binary analysis |