Thick Client Security - Manual Analysis for Vulnerabilities

Abhi Gowda
Feb 11, 2021

Manual analysis is very important in thick client security. When a thick client is installed, many sensitive files are stored locally under its installation folders.

Check all the configuration files for sensitive information such as FTP passwords, MDB passwords, license keys, default passwords, API keys, etc.

Example 1: The screenshot below shows a username and password disclosed in one of the config files.

Example 2: The screenshot below shows license information disclosed in one of the .js files, which can be tampered with to increase license validity.
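
The configuration file review described above can be partly automated when auditing your own client's installation folder. The script below is an added example, not part of the original post: the file extensions, key-name patterns and sample files are assumptions constructed for illustration, and values are masked so the report does not repeat the secret.

```python
import os
import re
import tempfile

# Assumed extensions and key names (not from the original post); tune per application.
CONFIG_EXTS = {".config", ".xml", ".ini", ".json", ".js", ".properties", ".yml", ".txt"}
KEY_RE = re.compile(r"""(?ix)
    ["']?(?P<key>[\w.-]*(?:passw(?:or)?d|pwd|api[_-]?key|licen[sc]e[_-]?key|secret|token)[\w.-]*)["']?
    \s*[:=]\s*                        # key=value, key: value, "key": "value"
    ["']?(?P<value>[^"'\s;,<>]+)      # value ends at quote, space or delimiter
""")

def mask(value):
    """Keep only the first two characters so the report itself leaks nothing."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def scan_install_dir(root):
    """Return (relative path, line number, key, masked value) for each hit under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in CONFIG_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in KEY_RE.finditer(line):
                        findings.append((os.path.relpath(path, root), lineno,
                                         m.group("key"), mask(m.group("value"))))
    return sorted(findings)

def demo():
    """Build a constructed installation folder and scan it."""
    samples = {
        "settings.ini": "[ftp]\nuser=backup\nftp_password=Summer21\n",
        "license.js": 'var cfg = { licenseKey: "AB-1234", validUntil: "2021-12-31" };\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_install_dir(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Each hit still needs manual review: the pattern is a heuristic, and it does not cover secrets in binaries or in XML element bodies.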

Remediation: It is suggested not to store any sensitive information unnecessarily. If it is required to store it, then use encryption techniques.

!! Happy Learning !!
