Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Thick Client Testing

Customized to fit the unique needs of your thick client software

Because security testing efforts often focus on web and mobile applications, many thick client applications don’t undergo rigorous analysis. However, these applications can contain serious security problems, including memory corruption vulnerabilities, injection vulnerabilities, cryptographic weaknesses, and client-side trust issues. Such vulnerabilities can lead to a complete compromise of systems where the thick client software is installed, unauthorized access to server-side information, and more.

Thick client applications involve both local and server-side processing and often use proprietary protocols for communication. They may also contain multiple clientside components running at different trust levels. Simple, automated vulnerability assessment scanning isn’t enough. That’s why we customize each of our thick client tests to the application.

Download the datasheet

An approach as unique as your software

Our thick client application assessments start with a risk-based analysis of both your thick client software and the server-side APIs it communicates with. The analysis identifies:

High-risk areas in the system
Assets
Attackers
Potential attack vectors

This information, combined with a list of your business risks, gives us a blueprint for testing your thick client software.

Risk-based approach with 5 tracks of analysis

Automated scan
We use a proprietary tool to find common issues in the thick client software. The tool also enumerates the thick client’s network communication, interprocess communication, operating system interactions, and more for our experts to analyze.
Configuration analysis
Our experts analyze your thick client’s configuration, identifying both default configuration problems and ways the application could be configured to bypass security controls. This analysis also ensures that your software uses security features provided by the platform that it runs on.
Network communication analysis
Many thick client attacks involve remote execution. When this is the case, we intercept and analyze network communication in depth and reverse engineer custom protocols when needed. We use a proprietary tool to intercept and modify traffic regardless of the protocol used. We also write plugins for custom protocols to decrypt and parse packets so that we can perform deep analysis.
Server analysis
Most thick clients access some server-side functionality, and the successful exploit of a vulnerability in server-side code can affect all thick clients or central data stores. We analyze the server software using various manual and automated tools during this phase.
Client analysis
We analyze the thick client software itself using a variety of tools. Depending on the specific software and attacks of concern. activities may include performing memory dumps, testing IPC channels that may permit privilege escalation, fuzzing file inputs, and in-depth reverse engineering.

Key benefits

Experience. We’ve tested a wide variety of thick clients, from enterprise software to antivirus software and video games. We customize each assessment to focus on the risks that are most relevant for your software.

Comprehensiveness. Our blended manual and tool-based assessment approach includes a thorough analysis of results, detailed reporting, and actionable remediation guidance.

Flexibility. We recognize that every organization has a different risk profile and tolerance, so we tailor our approach to your needs and budget. We can adjust assessment scope and perform tests more efficiently with access to source code, design documentation, specifications, and so on.

Enablement. At the end of each assessment, we’ll conduct a read-out call to walk you through positive findings and prioritized vulnerabilities based on their likelihood and impact if exploited. We’ll offer mitigation recommendations for each vulnerability and help you develop an actionable remediation plan best suited to your needs. If we create any custom tools or scripts to test your thick client software, we’ll provide these to you so that your testing teams can use them.

If it has software, we can test it

From ATMs to automobiles, if it’s got software it can be hacked. Fortunately, we have solutions to help you improve your software security with…

Internet of Things (IoT)

Adapt security fundamentals to the unique features of the IoT ecosystem

Learn more

Cloud Security

Securely migrate to the cloud or develop something new in the cloud.

Learn more

Embedded Software Testing

Test for vulnerabilities and weaknesses in communications and data storage.

Learn more

Beyond security testing

Your thick client applications can contain your organization’s intellectual property, so you want them to be resistant to reverse engineering and modification. Without expert analysis of binary hardening mechanisms, you won’t know how easily an attacker can reverse engineer or modify your client-side code. We have experience testing obfuscated and hardened applications, breaking security controls such as white box cryptography, and more.

Let’s talk