{"id":11772,"date":"2021-05-21T11:06:55","date_gmt":"2021-05-21T09:06:55","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/security-analysis-pentests\/pentest-fat-clients\/"},"modified":"2025-12-11T13:42:24","modified_gmt":"2025-12-11T12:42:24","slug":"pentest-fat-clients","status":"publish","type":"page","link":"https:\/\/www.usd.de\/en\/pentest\/pentest-fat-clients\/","title":{"rendered":"Pentest Fat Clients"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" width=\"100%\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" text_text_color=\"#FFFFFF\" text_font_size=\"30px\" text_line_height=\"1.2em\" header_font=\"Roboto||||||||\" header_text_color=\"#F07F1D\" header_font_size=\"50px\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-herolab-fat-client-pentest-header.jpg\" custom_margin=\"-31px||0px||false|false\" custom_padding=\"166px|15px|62px|15px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h1 class=\"x-text-content-text-primary\" style=\"text-align: center\">Pentest Fat Clients<\/h1>\n<p style=\"text-align: center\">Protect Your Native Applications<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"0px|0px|0px|0px|true|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2 class=\"h-custom-headline h2\">What Are the Entry Points for Attackers on Fat Clients?<\/h2>\n<p>Companies often use so-called fat clients for various internal and external business functions, which are often developed in C\/C++, .NET or Java and run natively on the operating system without being accessible via the browser. These applications are often developed in-house and can pose a high risk to corporate IT security. Since the analysis of a fat client differs significantly from a<span>\u00a0<\/span><a href=\"\/en\/security-analysis-pentests\/pentest-webapplications\/\">web application<\/a><span>\u00a0<\/span>analysis in terms of the approach taken by analysts, vulnerabilities in fat clients are often overlooked.<\/p>\n<p><span>During our fat client pentest, our\u00a0<\/span><a href=\"https:\/\/herolab.usd.de\/en\/our-experts\/\" target=\"_blank\" rel=\"noopener\">security analysts<\/a><span>\u00a0comprehensively analyze your native applications running on Windows or Unix systems\u00a0<\/span><span>and identify possible entry points for attackers.<\/span><\/p>\n<div class=\"x-text\"><\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||3px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_3_text_color=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3>Common Vulnerabilities Include:<\/h3>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/icon-schwachstelle-orange-003.png\" title_text=\"icon-schwachstelle-orange-003\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<ul>\n<li>Lack of or weak access control (Broken Access Control)<\/li>\n<li>Use of IT components with known vulnerabilities<\/li>\n<li>Missing or weak server-side privilege validation<\/li>\n<li>Escalation of user privileges (Privilege Escalation)<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"6px||3px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-3px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>How Does usd AG Proceed with the Pentest of Your Fat Clients?<\/h2>\n<p>Our pentests are conducted according to a standardized <a href=\"https:\/\/www.usd.de\/en\/pentest\/pentest-approach\/\">approach<\/a>, which is enhanced by specific aspects for fat client pentests:<\/p>\n<p>Conducting fat client pentests requires a high level of technical expertise as well as in-depth understanding of the programming language used, such as C\/C++, .NET or Java. We focus especially on the analysis of the data traffic between client and server and the correct check of access rights on the server side when analyzing a fat client. We often develop our own client as a means of communication with the server and as a proof of concept in order to verify and exploit the identified attack vectors.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.27.0\" _module_preset=\"default\" locked=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.27.0\" _module_preset=\"default\" border_color_all=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_testimonial author=\"Florian Haag\" job_title=\"Managing Consultant IT Security\" portrait_url=\"https:\/\/www.usd.de\/wp-content\/uploads\/Florian-Haag-rund.png\" quote_icon_color=\"#F07F1D\" quote_icon_background_color=\"#FFFFFF\" font_icon=\"&#xe06a;||divi||400\" portrait_width=\"200px\" portrait_height=\"200px\" use_icon_font_size=\"on\" icon_font_size=\"35px\" _builder_version=\"4.27.4\" _module_preset=\"default\" background_color=\"RGBA(255,255,255,0)\" custom_padding=\"3%||2%||false|false\" animation_style=\"fade\" border_width_all=\"2px\" border_color_all=\"#F07F1D\" border_radii_portrait=\"on|100%|100%|100%|100%\" border_color_all_portrait=\"RGBA(255,255,255,0)\" box_shadow_style_image=\"preset4\" box_shadow_horizontal_image=\"0px\" box_shadow_vertical_image=\"0px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<span style=\"font-size: 18px;font-weight: 300\">Due to their reliability and longevity, desktop applications are still central to the core processes of companies and are indispensable for the daily work of users. In contrast to web applications, however, the vulnerability of desktop applications is often underestimated. Our specialists in the fat client analysis help you to uncover vulnerabilities through comprehensive pentests and protect your organization.<\/span>[\/et_pb_testimonial][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>What Checks Are Included in Your Fat Client Pentests?<\/h2>\n<p>These checks are part of fat client pentests, among others:<\/p>\n<ul>\n<li>Check for OWASP TOP 10 (e.g. vulnerability in session management)<\/li>\n<li>Analysis of the connection setup between client and server including the functions used<\/li>\n<li>Analysis of business and application logic<\/li>\n<li>Analysis of files and registry entries created by the application<\/li>\n<li>Verification of the architecture of the client<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/icon-symbol-orange-007-2.png\" title_text=\"icon-symbol-orange-007\" _builder_version=\"4.16\" _module_preset=\"default\" width=\"78%\" module_alignment=\"center\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><span>Depending on the programming language, we optionally perform\u00a0<\/span><a href=\"\/en\/security-analysis-pentests\/code-review\/\">code reviews<\/a><span>\u00a0for critical applications. Here, we analyze the source code for security vulnerabilites and enable an\u00a0<\/span><a href=\"\/en\/news-supreme-discipline-code-review\/\">highly in-depth analysis<\/a><span>. In addition, we check compliance with recognized secure coding guidelines and best practices.<\/span><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"22px|auto||auto||\" custom_padding=\"6px||3px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-3px||1px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"2_5,3_5\" _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"57px|auto||auto||\" custom_padding=\"||53px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"2_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-pentest-webseite-IV-1.jpeg\" title_text=\"usd-pentest-webseite-IV\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>Are Your Systems Protected against Attackers?<\/h2>\n<p><span>We are happy to discuss your options for analyzing your fat clients by our security analysts. Feel free to contact us.<\/span><\/p>\n<p>[\/et_pb_text][et_pb_button button_url=\"\/en\/contact-form-analysis-pentests\/\" button_text=\"Contact us\" _builder_version=\"4.16\" _module_preset=\"7d5eca5e-7ccf-4359-a023-e8404a31180a\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>Get More Insights<\/h2>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_2,1_2\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_blend=\"multiply\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_2\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-kachel-leistung-pentest-2.jpg\" background_blend=\"multiply\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"2f9ba085-a5fa-4356-993b-05b9ace0780d\" custom_padding=\"47px|30px|25px|30px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #ffffff\">Pentest: Our standardized approach<\/span><\/h3>\n<p>[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/pentest\/pentest-approach\/\" button_text=\"Learn more\" button_alignment=\"center\" _builder_version=\"4.21.0\" _module_preset=\"7244f902-5e49-458a-9554-eef332089ce2\" custom_margin=\"||26px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_2\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"rgba(46,53,61,0.86)\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-security-analysis-pentest-header.jpg\" background_blend=\"multiply\" global_colors_info=\"{}\" background__hover_enabled=\"off|hover\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"2f9ba085-a5fa-4356-993b-05b9ace0780d\" custom_padding=\"47px|30px|25px|30px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #ffffff\">Pentest: Your benefits at a glance<\/span><\/h3>\n<p>[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/pentest\/pentest-benefits\/\" button_text=\"Learn more\" button_alignment=\"center\" _builder_version=\"4.21.0\" _module_preset=\"7244f902-5e49-458a-9554-eef332089ce2\" custom_margin=\"||26px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pentest Fat Clients Protect Your Native ApplicationsWhat Are the Entry Points for Attackers on Fat Clients? Companies often use so-called fat clients for various internal and external business functions, which are often developed in C\/C++, .NET or Java and run natively on the operating system without being accessible via the browser. These applications are often [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":40183,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-11772","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=11772"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11772\/revisions"}],"predecessor-version":[{"id":62977,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11772\/revisions\/62977"}],"up":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/40183"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=11772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}