Thick Client Security-Manual Analysis for Vulnerabilities

Manual analysis is very important in thick client security. When a thick client is installed, many sensitive files are stored locally under its installation folders.

Check all the configuration files for sensitive information such as FTP passwords, MDB passwords, license keys, default passwords, API keys, etc.

Example 1: The screenshot below shows a username and password disclosed in one of the config files.

Example 2: The screenshot below shows license information disclosed in one of the .js files, which can be tampered with to increase license validity.

Remediation: Do not store any sensitive information unnecessarily. If it must be stored, use encryption techniques.
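The configuration-file check described above can be run as a pre-release audit over the application's own installation folder. The script below is an added example, not code from the original article; the file extensions, key-name list, and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed file types and key names; extend both lists for the application under review.
CONFIG_EXTS = {".config", ".xml", ".ini", ".json", ".js", ".properties"}
SECRET = r"(?:password|passwd|pwd|secret|api[_-]?key|license[_-]?key|token)"

PATTERNS = [
    # key=value or "key": "value" (ini, properties, JSON, JS, connection strings)
    re.compile(rf"""(?P<key>[\w.-]*{SECRET}[\w.-]*)["']?\s*[:=]\s*["']?(?P<val>[^"'\s;,<>]+)""", re.I),
    # <add key="..." value="..."/> as used in .NET app.config files
    re.compile(rf"""key\s*=\s*["'](?P<key>[^"']*{SECRET}[^"']*)["']\s+value\s*=\s*["'](?P<val>[^"']+)["']""", re.I),
]


def mask(value):
    """Keep two characters so the report does not become a second copy of the secret."""
    return value[:2] + "***"


def scan_install_dir(root):
    """Return (relative path, line number, key, masked value) for every suspected secret."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in CONFIG_EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                for m in pattern.finditer(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, m["key"], mask(m["val"])))
    return findings


def demo():
    """Scan a constructed installation folder (sample files, not from the article)."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "app.config").write_text('<add key="FtpPassword" value="Winter2020!"/>\n')
        Path(tmp, "license.js").write_text('var cfg = {\n  licenseKey: "ABCD-1234",\n  theme: "dark"\n};\n')
        Path(tmp, "notes.md").write_text("password=not-scanned\n")  # extension not in CONFIG_EXTS
        return scan_install_dir(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Each finding is a starting point for manual review: confirm whether the value is a real secret and whether it needs to ship with the client at all.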

!! Happy Learning !!


