WebApp Sec mailing list archives
Pentesting of Thick client and client-server applications
From: Balaji Vasanth <balaji_vasanth14 () yahoo com>
Date: Tue, 7 Jun 2011 09:23:09 +0530 (IST)

Hi,

Is there any specific set of methodologies/approaches and tools for the vulnerability testing of client-server applications and standalone apps developed in different languages?

I could just think of using some TCP proxies (Echo Mirage, TCP Catcher etc.) to intercept the client-server traffic and go ahead, debuggers like OllyDbg, WinDbg, GNU to understand the calls at client-side, and some disassemblers & fuzzers (not sure on which to choose).

For some thick clients communicating on port 80/443 with the server, I am using the Fiddler plugin "Watcher". Is that good enough...?

Thanks in advance

Regards
M. Balaji Swaminathan