A thick client, also known as a fat client, is a client in a client–server architecture or network that typically provides rich functionality independent of the server. In these applications, most of the processing is done on the client side, with only aperiodic connections to the server.
The most common thick clients are three-tier applications, in which the application talks to the application server via a communication protocol such as HTTP/HTTPS.
Application security assessments of web applications are comparatively easier than those of thick client applications, because web-based applications can be intercepted easily and the major processing takes place on the server side.
Since thick client applications include both local and server-side processing, they require a different approach to security assessment. Web-based vulnerabilities such as Cross-Site Scripting and Clickjacking attacks, which are browser-based vulnerabilities, are no longer applicable.
Sensitive data storage in files and registries; DLL, process and file injection; and memory and network analysis are among the critical vulnerabilities faced by thick client applications and the sample techniques utilized by softScheck consultants in assessing a thick client's vulnerabilities.
Thick Client Penetration Testing