Thick Client Security

Thick client applications are still employed for internal operations. NetSPI uses multi-vector testing to identify design and configuration weaknesses.


Due to the unique nature of thick client applications, automated vulnerability scanning isn't sufficient to produce adequate results. Testing thick clients requires expert manual penetration testing skills and a thoughtful, methodical approach. A thorough application security assessment necessitates specialized tools, a custom testing setup, and shrewd hacking techniques.


NetSPI’s approach to Thick Client Assessments includes reviewing server-side controls, data communication paths, and potential client-related issues. During the course of an assessment, the NetSPI team will:

  • Attempt to bypass authentication controls
  • Review data communications functionality
  • Review files, registry entries, and memory for sensitive information
  • Identify potential for denial of service (DoS) attacks
  • Search for sensitive information disclosures
  • Decompile to source code where possible

By reviewing all of these attack vectors, we’re able to provide clients with a comprehensive understanding of the security posture of their application and how to improve it. Specific areas of our focus will include, but are not limited to:

  • Network transmissions
  • Data storage, including files, databases, the Windows registry, and the application’s executable and DLL files
  • Failure to protect resources with strong authentication
  • Failure to implement least privilege authorization policy
  • Client-side injection
  • Improper error handling
  • Information leakage
  • Lack of data protection in transit
  • Insecure or unnecessary client-side cryptographic storage
  • Failure to apply server-side controls
  • Parameter manipulation
  • Backdoor identification


The NetSPI Resolve™ platform is critical to thick client penetration testing. It is used to organize all findings in a concise and actionable way. By automating many processes, Resolve allows our consultants to focus on in-depth testing while providing our clients access to the SaaS-based portal.


  • NetSPI’s comprehensive coverage approach provides senior consulting oversight on every project, enabling your company to leverage the expertise of the entire team of specialists and giving you world-class consulting without impacting your budget
  • Our consulting services utilize NetSPI Resolve™ to automate vulnerability results, data aggregation, and reporting, so our ethical hackers can focus on providing your organization with 20% more vulnerabilities at a higher criticality than our competitors
  • Expert testing in a reasonable time frame, and at a reasonable cost
  • Skilled, experienced manual ethical hackers
  • Mature, highly disciplined, well-documented processes
  • A tester “playbook” containing the very latest attack methods, scripts, and techniques (our top-secret stuff)
  • A current-to-the-minute knowledge base
  • A broad set of commercial, open source, and proprietary tools
  • Detailed and actionable final remediation instruction and guidance
  • Improper cloud services configurations

