Abhi Gowda

Manual Analysis is very important in thick client security. When the thick client is installed, many sensitive files are stored locally under installation folders.

Check all the configuration files for the sensitive information like FTP passwords, MDB password, License keys, Default passwords, API keys etc.

Example 1: Below screenshot has username and password disclosed in one of the config file.

Example 2: Below screenshot has license information disclosed in one of the .js file, which can be tampered to increase license validity.

--

--

When the thick client application is installed and signed up. the sensitive information like password will be stored in registry.

Use windows operating system “registry editor” tool to view registry entries. by using this tool we can search for keywords like username, passwords etc.. or we can navigate to particular registry path of installed thickclient application and look for sensitive information.

--

--