Forum Diskusi dan Komunitas Online

Full Version: Thick Client Pen Testing: A Comprehensive Guide for 2025
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
What is a Thick Client Application?

Thick client in cyber security are those that are installed locally on the user’s desktop or laptop. These apps are full-featured and may function independently of the Internet, as opposed to web applications, which must always be linked to the Internet. Examples of thick client applications include:


  • Computer games
  • Web browsers
  • Music Players
  • Tools for video and conversation, such as Zoom, Slack, Teams

Common Architectures of Thick Client Applications:

Thick client applications may have various forms of architectures based on the backend interaction, data storage, and processing. The cognizance of these structures would assist in the evaluation of performance and behaviour of security, particularly in thick client pentesting scenarios.
 
  • Standalone Architecture: Completely operates in the local machine without the need for internet or server connection. This helps in tools such as image editors or calculators, where all the logic and data are local. 
  • Two-tier applications are stand-alone apps with the server/database and client installed on the same system or internal network. Traffic from the thick client is sent directly to the server, bypassing intermediaries such as the Internet or an application server.
  • Three-tier apps: These apps may communicate via the Internet and handle their business logic by an application server. The thick client resides on the user’s desktop, but the application server and database may be elsewhere. HTTP/S protocols are commonly used for network connections and interactions, allowing for standard requests and answers. In addition, certain thick clients may employ other protocols such as FTP/S, TCP, and UDP.
  • Service-Oriented Architecture (SOA): Contemporary thick clients can invoke APIs or microservices to complete a particular task. The architecture can be modularly upgraded and can be found in hybrid enterprise settings.

Both structures have impacts on the behaviours of the application in various conditions, and determine which type of test is necessary. As an instance, three-tier and SOA multiplications tend to require network protocol examination as opposed to standalone apps that must offer increased attention to local file and memory analysis.