Verify the security posture of your desktop applications against real cyber attacks and repair the vulnerabilities before a breach can happen.
Rich Desktop Application Pentest.
.NET, C/C++, Microsoft Silverlight, Java applets and other types of desktop applications require thorough testing in order to be secured due to their size and the complexity of their technologies.
Drawing on both our ethical hacking and software development experience, we identify the high-risk vulnerabilities in clients' applications and provide optimum solutions to secure them.
Our Methodology
Krypteia’s approach to desktop (thick client) assessments includes reviewing how the application reacts to common input attacks, server-side controls, data communication paths and potential client-related issues.
Static Testing
Search for sensitive information disclosures and decompile to source code where possible.
Analyzing config files: reveals URLs, server credentials, cryptographic keys and hard-coded passwords.
Reverse engineering: using reversing tools, executable and JAR files can be decompiled, then modified and repackaged.
Dynamic Testing
Attempt to inject input and bypass authentication controls, and review data communication functionality.
Input validation: SQL injection, malicious input acceptance, command injection.
Buffer overflow, file upload, business logic validation, error handling and information leakage, session management, log tampering.
Server-Side Testing
Identify potential for denial of service (DoS) attacks.
Vulnerabilities specific to web servers: directory traversal, command injection, remote code execution, SQL injection, sensitive file exposure, exploitation of web server misconfiguration.
API/web services testing: authorization, IDOR, injections and exploits, API business logic bypass such as skipping payments, API misconfigurations.
System Testing
Review files, registry entries and memory for sensitive information.
Exfiltration of sensitive data from memory: applications store usernames, tokens, passwords, encryption keys and unencrypted sensitive data in memory. Such information is important for compromising the application.
DLL hijacking: replacing the actual DLLs with a malicious file to bypass protection mechanisms.
Contact us today so we can talk about your organization's cybersecurity and IT solution needs!