WebApp Sec mailing list archives

Re: Pentesting of Thick client and client-server applications


From: Security Auditor <auditor.sec () gmail com>
Date: Tue, 7 Jun 2011 15:15:13 +0200

I would recommend the use of application testing tools like Acunetix,
AppScan, Netsparker, Nexpose, etc., to name a few, and then proceeding
further with manual testing and validating the findings.

Fuzzing is important, but it depends on what the base of your
application is.
Source code review is another option which you can explore.



On Tue, Jun 7, 2011 at 5:53 AM, Balaji Vasanth
<balaji_vasanth14 () yahoo com> wrote:
Hi,

Are there any specific set of methodologies/approaches, tools for the vulnerability testing of client-server 
applications and standalone apps developed in different languages?

I could just think of using some TCP proxies (Echo Mirage, TCP Catcher, etc.) to intercept the client-server traffic and 
go ahead, debuggers like OllyDbg, WinDbg, GDB to understand the calls at the client side, and some disassemblers & 
fuzzers (not sure which to choose). For some thick clients communicating on port 80/443 with the server, I am 
using the Fiddler plugin "Watcher". Is that good enough...?

Thanks in advance

Regards

M. Balaji Swaminathan



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





-- 
Cheers,
Audi
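As an added illustration of the TCP-proxy approach raised in the original question (this is example code written for this archive page, not something posted by either participant or shipped with Echo Mirage / TCP Catcher), the script below is a minimal intercepting proxy for a thick client whose protocol is not HTTP. Point the client at the proxy's listen port; the proxy relays each direction to the real server, hexdumps every chunk, and passes client-to-server data through a tamper hook. The hook's substitution of `role=user` with `role=admin` is a hypothetical field chosen for illustration, as are the host/port arguments in the `__main__` block. `relay_once` exercises the relay path offline over `socket.socketpair()` so the hook can be tested with a captured message before pointing it at a live target.

```python
"""Minimal intercepting TCP proxy for thick-client testing (added example)."""
import socket
import sys
import threading


def hexdump(data: bytes, width: int = 16) -> str:
    """Classic offset / hex / ASCII dump, one line per `width` bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(lines)


def tamper(direction: str, data: bytes) -> bytes:
    """Hypothetical hook: rewrite a field in client->server traffic.

    Replace with whatever the protocol under test needs (length fields,
    checksums, etc.); server->client data passes through untouched here.
    """
    if direction == "c2s":
        return data.replace(b"role=user", b"role=admin")
    return data


def pump(src: socket.socket, dst: socket.socket, direction: str, hook, log: list) -> int:
    """Relay bytes from src to dst until EOF, logging and hooking each chunk.

    Returns the number of bytes actually forwarded (after the hook).
    """
    forwarded = 0
    while True:
        chunk = src.recv(4096)
        if not chunk:
            break
        log.append((direction, chunk))
        print(f"--- {direction} {len(chunk)} bytes\n{hexdump(chunk)}")
        out = hook(direction, chunk)
        dst.sendall(out)
        forwarded += len(out)
    # Propagate the half-close so the other side sees EOF, not a hang.
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass
    return forwarded


def relay_once(data: bytes, direction: str, hook=tamper):
    """Push one captured message through pump() over local socketpairs.

    Offline check of the hook path; returns (bytes the server side saw, log).
    """
    client, proxy_in = socket.socketpair()
    proxy_out, server = socket.socketpair()
    log: list = []
    client.sendall(data)
    client.shutdown(socket.SHUT_WR)
    pump(proxy_in, proxy_out, direction, hook, log)
    received = b""
    while True:
        chunk = server.recv(4096)
        if not chunk:
            break
        received += chunk
    for s in (client, proxy_in, proxy_out, server):
        s.close()
    return received, log


def serve(listen_host: str, listen_port: int, target_host: str, target_port: int, hook=tamper):
    """Accept client connections and relay each to the real server in both directions."""
    ln = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ln.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ln.bind((listen_host, listen_port))
    ln.listen()
    print(f"listening on {listen_host}:{listen_port} -> {target_host}:{target_port}")
    while True:
        client, addr = ln.accept()
        upstream = socket.create_connection((target_host, target_port))
        log: list = []
        for src, dst, d in ((client, upstream, "c2s"), (upstream, client, "s2c")):
            threading.Thread(target=pump, args=(src, dst, d, hook, log), daemon=True).start()


if __name__ == "__main__":
    # Usage: proxy.py LISTEN_PORT TARGET_HOST TARGET_PORT (hypothetical target values)
    lport, thost, tport = int(sys.argv[1]), sys.argv[2], int(sys.argv[3])
    serve("127.0.0.1", lport, thost, tport)
```

The hook is where the real work happens: once a capture shows which bytes carry a length or checksum, the hook has to recompute them after any edit, or the server will simply drop the mutated message. For a TLS-wrapped thick client this raw relay only sees ciphertext; that case needs the client pointed at a terminating proxy it trusts, which is what the Fiddler setup in the question does for port 443.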


