Thick Client Pentesting Checklist

OWASP Based Checklist by Hariprasaanth R

Also available on Notion

INFORMATION GATHERING

Information Gathering

Find out the application architecture (two-tier or three-tier)
Find out the technologies used (languages and frameworks)
Identify network communication
Observe the application process
Observe each functionality and behavior of the application
Identify all the entry points
Analyze the security mechanism (authorization and authentication)

Tools Used

GUI TESTING

Test For GUI Object Permission

Display hidden form object
Try to activate disabled functionalities
Try to uncover the masked password

Test GUI Content

Look for sensitive information

Test For GUI Logic

Try for access control and injection-based vulnerabilities
Bypass controls by utilizing intended GUI functionality
Check improper error handling
Check weak input sanitization
Try privilege escalation (unlocking admin features to normal users)
Try payment manipulation

Tools Used

UISpy
Winspy++
Window Detective
Snoop WPF

FILE TESTING

Test For Files Permission

Check permission for each and every file and folder

Test For File Continuity

Check strong naming
Authenticate code signing

Test For File Content Debugging

Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
Look for sensitive information on the config file
Look for Hardcoded encryption data
Look for Clear text storage of sensitive data
Look for side-channel data leakage
Look for unreliable log

Test For File And Content Manipulation

Try framework backdooring
Try DLL preloading
Perform Race condition check
Test for Files and content replacement
Test for Client-side protection bypass using reverse engineering

Test For Function Exported

Try to find the exported functions
Try to use the exported functions without authentication

Test For Public Methods

Make a wrapper to gain access to public methods without authentication

Test For Decompile And Application Rebuild

Try to recover the original source code, passwords, keys
Try to decompile the application
Try to rebuild the application
Try to patch the application

Test For Decryption And DE obfuscation

Try to recover original source code
Try to retrieve passwords and keys
Test for lack of obfuscation

Test For Disassemble and Reassemble

Try to build a patched assembly

Tools Used

REGISTRY TESTING

Test For Registry Permissions

Check read access to the registry keys
Check to write access to the registry keys

Test For Registry Contents

Inspect the registry contents
Check for sensitive info stored on the registry
Compare the registry before and after executing the application

Test For Registry Manipulation

Try for registry manipulation
Try to bypass authentication by registry manipulation
Try to bypass authorization by registry manipulation

Tools Used

Regshot
Procmon
Accessenum

NETWORK TESTING

Test For Network

Check for sensitive data in transit
Try to bypass firewall rules
Try to manipulate network traffic

Tools Used

Wireshark
TCPview

ASSEMBLY TESTING

Test For Assembly

Tools Used

PESecurity

MEMORY TESTING

Test For Memory Content

Check for sensitive data stored in memory

Test For Memory Manipulation

Try for memory manipulation
Try to bypass authentication by memory manipulation
Try to bypass authorization by memory manipulation

Test For Run Time Manipulation

Try to analyze the dump file
Check for process replacement
Check for modifying assembly in the memory
Try to debug the application
Try to identify dangerous functions
Use breakpoints to test each and every functionality

Tools Used

Process Hacker
HxD
Strings

TRAFFIC TESTING

Test For Traffic

Analyze the flow of network traffic
Try to find sensitive data in transit

Tools Used

Echo Mirage
MITM Relay
Burp Suite

COMMON VULNERABILITIES TESTING

Test For Common Vulnerabilities

PreviousIoS Pentesting Checklist NextSecure Code Review Checklist

Last updated 12 months ago