WebApp Sec mailing list archives

Pentesting of Thick client and client-server applications


From: Balaji Vasanth <balaji_vasanth14 () yahoo com>
Date: Tue, 7 Jun 2011 09:23:09 +0530 (IST)

Hi,

Is there any specific set of methodologies/approaches and tools for the vulnerability testing of client-server
applications and standalone apps developed in different languages?

I could just think of using some TCP proxies (Echo Mirage, TCP Catcher etc.) to intercept the client-server traffic and
go ahead, debuggers like OllyDbg, WinDbg, GNU to understand the calls at client-side and some disassemblers & fuzzers
(not sure on which to choose). For some thick clients communicating on Port 80/443 with the server, I am using the
Fiddler plugin "Watcher". Is that good enough...?

Thanks in advance

Regards

M. Balaji Swaminathan


