This article discusses the top vulnerabilities in a two-tier thick client application.
A thick client is an application client that processes data in addition to rendering it. An example of a thick client application would be a VB.NET or Java Swing application that communicates directly with a database. Because a two-tier client connects to the database itself, it holds database credentials and builds its own queries, so any access control or input validation that lives only in the client code can be bypassed by anyone who can read the client's configuration or talk to the database with the same credentials. I have generally observed that these types of applications have weak access controls, weak authentication management, information disclosure, and improper error handling or application crashes.
It is interesting to note that most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities (the 2004 list is used here) are as applicable to thick client applications as they are to web applications. Let us map them for simplicity.
| No. | OWASP Top 10 (Web Apps, 2004) | Thick Client |
|---|---|---|
| 1 | Unvalidated Input | Unvalidated Input |
| 2 | Broken Access Control | Broken Access Control (checks enforced only in the client are bypassable) |
| 3 | Broken Authentication & Session Management | Weak Authentication & Session Management |
| 4 | Cross-Site Scripting Flaws | Not applicable (unless the client embeds a browser control) |
| 5 | Buffer Overflows | Buffer Overflows |
| 6 | Injection Flaws | Injection Flaws |
| 7 | Improper Error Handling | Improper Error Handling |
| 8 | Insecure Storage | Insecure Storage |
| 9 | Denial of Service | Denial of Service |
| 10 | Insecure Configuration Management | Insecure Configuration Management |
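The two rows that bite hardest in a two-tier client are Unvalidated Input and Injection Flaws, because the client assembles SQL itself and sends it straight to the database. The following is an added example, not code from the article: it stands up a constructed SQLite table in memory as a stand-in for the back-end database, shows a login query built by string concatenation the way many VB.NET and Swing clients do it, and shows the parameterised form that closes the injection. The table contents, function names and payloads are all assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data (not from the article): a tiny users table standing
# in for the database a two-tier thick client connects to directly. Passwords
# are stored in clear text here only to mirror the "Insecure Storage" row.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Typical thick-client pattern: SQL assembled by string concatenation.

    Whatever the user types into the login dialog becomes part of the
    statement text, so quotes and comment markers change the query itself.
    Returns (username, role) for the first matching row, or None.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the statement text.

    The driver binds username and password as data, so a quote in the input
    is compared literally instead of being parsed as SQL.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    conn = build_db()
    # Legitimate login works in both versions.
    print("normal  :", login_vulnerable(conn, "alice", "s3cret"))
    # Comment out the password check: username = 'alice'-- ... (assumed payload)
    print("bypass 1:", login_vulnerable(conn, "alice'--", "wrong"))
    # Make the WHERE clause always true via the password field (assumed payload)
    print("bypass 2:", login_vulnerable(conn, "nobody", "' OR '1'='1"))
    # The same payloads fail against the parameterised query.
    print("safe 1  :", login_safe(conn, "alice'--", "wrong"))
    print("safe 2  :", login_safe(conn, "nobody", "' OR '1'='1"))
```

Note that parameterisation fixes the Injection row only. The Broken Access Control row remains: the client still holds credentials that let a user run any query the database account permits, so authorisation has to be enforced by the database (per-user accounts, views, stored procedures, or a middle tier), not by the client's own role checks.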