Thick Client Application Penetration Testing Introduction.

Penetration testing

All Basic Information About Thick Client Application

Thick Client Application is basically also called Desktop Application. Thick Client is a Client Side as well as Server Side Processing System. So Thick Client Application Penetration Testing is part where we Penetrate the Data on Client Side i:e the in the System Storage as well as at Server Side which is similar to Web Application Penetration Testing Process.

Thick Client Application Examples Are

  • Firefox Browser.
  • Chrome Browser.
  • Zoom Meeting Application.
  • Desktop Games. (Includes Online Gaming Platform)
  • Burp-suite.

This Thick Client Applications are developed using various programming languages like

  1. .Net
  2. Java
  3. C/C++
  4. Microsoft Silverlight

So their are 2 Types of Architecture in Thick Client Application

  • 2 Tier Application
  • 3 Tier Application

2 Tier Application

2 Tier Application Basically is Client-Server Communication System were Client directly communicates with the server without any interface. In this case Server may be on the same server machine were the Client side is present.


  1. Offline Desktop Games.
  2. Any Kind of Management Services Application.
  3. Music Player.

3 Tier Application

3 Tier Application is Basically were Client communicates with Application Server and forward the Data or Request to the Database which is much similar to Web Application Process.


  1. Chrome Browser.
  2. Firefox Browser.
  3. ZAP Proxy.
As you know Thick Client Application Also uses the Web Application OWASP Top 10 2017 Category (You may Convert this category as per the OWASP Top 10 2021)
  1. A1 : Injection
  2. A2 : Broken Authentication
  3. A3 : Sensitive Data Expose
  4. A4 : XML External Entities
  5. A5 : Broken Access Control
  6. A6 : Security Misconfiguration.
  7. A7 : Cross Site Scripting.
  8. A8 : Insecure Deserialization.
  9. A9 : Using Component with Known Vulnerabilities.
  10. A10 : Insufficient Logging and Monitoring.
First of all keep it mind that this approach to test the application is Complicated and you need a specific approach toward the application. Most of the test cases are generated depending on the application behaviour.
  1. You have to gather the technologies that is being used by the application.
  2. Spend some time on the application as get to know the behaviour.
  3. Identify all kind of Entry and exit points of the application.

Credit –  Saeel Relekar


AA Certification