Desktop Thick Client Assessment
Penetration testing of thick clients generally comprises of application familiarisation followed by assessment using the following key areas as a starting point for response and behaviour analysis.
Application familiarisation
Information gathering is the most fundamental step in security testing. It allows the tester to become familiar with the application’s design and implementation, and subsequently prioritise testing effort based on the highest risk areas of the system. When assessing thick-client applications, the key goals of this of this phase include identifying key technologies and components, security controls, attempting de-compilation of the application, and analysing the communications between the client and server.
Authorisation and access control
If authentication is not conducted robustly, an attacker may be able to access application functionality without identifying themselves to the system or may be able to supply a fraudulent identity when performing application actions. It may also be possible for an attacker to masquerade as a legitimate user – accessing private information or executing actions on behalf of the victim. The failure of authorisation and access controls may allow an attacker to view data or perform actions which they are not entitled to access.
Cryptography
Cryptography is often the approach taken to provide a secure means of storing or transmitting sensitive data but it is notoriously complex to design, implement, and configure. Issues with cryptography often result in the compromise of sensitive data as protections are usually applied to critical components and information. Key goals of this phase include:
Validating that data transferred between the client and server are adequately protected to prevent man-in-the-middle attacks,
Ensuring that where cryptographic security controls have been implemented, they are resilient against cryptanalysis.
Client-side security
Thick client applications typically run with the privileges of the current user and are not sandboxed like their web based counter parts. With the ability to modify local files and system settings there is the possibly that an application could reduce the overall security of an end-user’s system, or store sensitive information locally which then becomes unmanaged.
Data protection
This phase consists of examination of how the application stores potentially sensitive information on workstation and scenarios were application data may be recovered from a compromised or stolen desktop system. Key aspects of this phase include:
Analysis of application folders, and for storage of sensitive data such as user credentials and digital certificates,
Identifying the use of cryptographic storage and attempt to identify weaknesses in those,
Analysis of application logs, caches, Windows register and system files for sensitive information or hidden functionality.
Areas of focus
The Feisty Fox Security Technical Security Team are highly experienced in the testing of Wireless Network deployments including both Unclassified and Protected networks.
Feisty Fox Security wireless assessments are conducted in accordance with generally accepted security better practice principles (Confidentiality, Integrity, Availability, Authentication, Accountability, Least Privilege and Defence-in-Depth) and recognised industry standards.