Thick client applications involve both local and server-side processing and often use proprietary protocols for communication. They may also contain multiple client side components running at different trust levels. Simple, automated vulnerability assessment scanning isn’t enough. On a Normal Scenario, Security assessments focus on application security like web and mobile, network infrastructure etc.,
This thick client applications can contain many security vulnerabilities like memory corruption, race conditions, injection vulnerabilities, transport layer encryption weakness (cryptographic issues) etc., Such vulnerabilities can lead to a complete compromise of systems where the thick client software is installed, unauthorized access to server-side information and many more.
Propelaxis recommends its clients to carry out a proper security assessment on thick client applications.