Thick client software
Below is a list of the benefits or advantages of thick clients. Note that these advantages also correspond to the drawbacks or disadvantages of thin clients. One notable advantage of thick clients is the capability to deliver a rich graphical user interface. Examples of such an interface include a fully featured operating system, immersive computer programs or applications, and graphics-intensive video games. Note that most thin clients are unable to render rich graphics due to limitations in processing or computing capabilities and available storage space.
In addition to delivering a rich graphical user interface, thick clients can perform resource-intensive data or program processing. Examples include running an app for editing video or audio content, playing video games, data processing, and computer simulation, among others. A client-server architecture based on thick clients does not need high-performing servers. This is because processing and other hardware functions take place at the local or individual level rather than at a centralized level.
This advantage means lower costs for buying, installing, and maintaining high-performing servers. It also means that the server can support more users, which translates to higher server capacity.
Independence from servers or a networked environment is another advantage of thick clients. Note that devices such as fully functional personal computers are usable and remain functional. Thick clients do not require a consistent network connection, unlike thin clients, which are heavily dependent on continuously interfacing with their servers. Of course, thick clients still need to interface with their servers, especially for sharing or synchronizing data with the entire network.
Below is a list of the benefits or advantages of thin clients. Note that these advantages also correspond to the drawbacks or disadvantages of thick clients.
What Does Thick Client Mean? A thick client is a computing workstation that includes most or all of the components essential for operating and executing software applications independently. These usually involve legacy applications. These kinds of thick client applications involve three tiers, wherein the client talks to the application server, which in turn talks to the database.
Examples of these applications include G-Talk or Yahoo Messenger. Application security assessments of thin client applications are comparatively easier than those of thick client applications, as these are web-based applications that can be intercepted easily and whose major processing takes place on the server side. Since thick client applications include both local and server-side processing, they require a different approach to security assessment. The table below distinguishes the vulnerabilities faced by a web-based and a thick client application:
Refer to www. Echo Mirage is a network proxy tool that uses DLL injection and function hooking techniques to intercept the traffic transmitted and received by local applications. Traffic can be intercepted in real time or manipulated with regular expressions and a number of action directives. Launching an executable from Echo Mirage: in this option, the path of the application is provided to the Echo Mirage tool, which launches the selected application.
The data sent and received by the application is intercepted by Echo Mirage. The screenshot below shows the Gtalk traffic intercepted by the Echo Mirage tool. Injecting into a currently running process: in this option, the Echo Mirage tool injects into the process by hooking into the socket calls.
In many cases, the above-mentioned tools like Echo Mirage hang due to heavy network traffic, and testing becomes difficult. Mallory comes to the rescue in such cases. This can be configured within a virtual machine environment using only network interfaces. The victim virtual machine then configures the Mallory machine as the gateway by manually setting its gateway. The gateway machine will have at least one WAN interface that grants Internet access. The victim network then uses the Mallory gateway to route traffic.
Wireshark is a network protocol analyzer tool that can be used to analyze the network traffic. This tool can be used to study the non-encrypted traffic sent by the thick client application.
It allows for intercepting the traffic for thick client applications. By instructing the client to open its connection to the ITR instead of the server, the entire connection is shifted to work through the ITR, without the client or the server noticing a difference.
This tool can be used to intercept methods, alter data and also test the security of Java applications on your computer. In the following sections, we will discuss the critical vulnerabilities faced by thick client applications. The sensitive data stored by these apps usually includes usernames, passwords, database credentials, license details, cryptographic keys, and configuration details like IP address, port, etc.
An attacker can get access to these sensitive details and might compromise the application. In order to assess the application for sensitive data storage, we need to analyze the files and registries used by the application. Process Monitor. This tool by default starts monitoring all processes. By setting up proper filters, it can be set to capture only the data related to a particular process. Analyze the registries accessed by the application to check for sensitive details like keys, encrypted passwords, etc.
Analyze the files accessed by the application to check for sensitive details like configuration details, log writing, caching files in folders, etc. Whenever the tool is opened, a function in the tool validates against this registry value and provides access to the GUI of the tool. During installation, a two-tier thick client application stores a configuration file locally on the machine containing the database IP, port, username and password.
Exploit: An attacker might get access to this configuration file containing the database connectivity details. He might then directly connect to and compromise the database. Exploit: An attacker can get access to this machine and steal the user-specific details written onto the log files.
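An added example (not from the original article): a defender-side audit of the local storage described above. It scans an application's configuration and log files for keys that hold credentials or database connection details in clear text. The key-name patterns, file suffixes and sample file contents are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Key names that usually carry a secret or a database endpoint (assumed list).
SECRET = re.compile(
    r"(?i)(?<![a-z])(password|passwd|pwd|secret|api[_-]?key|license[_-]?key)\s*[=:]\s*([^\s;\"']+)")
ENDPOINT = re.compile(
    r"(?i)(?<![a-z])(db[_-]?(?:ip|host|port|user)|server|user id|uid)\s*[=:]\s*([^\s;\"']+)")
SUFFIXES = {".ini", ".config", ".xml", ".properties", ".log", ".txt"}

def scan_text(name, text):
    """Return (file, line, kind, key) tuples; the values themselves are never echoed."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):        # commented-out setting
            continue
        for kind, rx in (("secret", SECRET), ("endpoint", ENDPOINT)):
            for m in rx.finditer(line):
                if m.group(2).startswith(("${", "%")):  # placeholder, not a stored value
                    continue
                hits.append((name, no, kind, m.group(1).lower()))
    return hits

def scan_tree(root):
    """Walk an install or data directory and scan every text-like file in it."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SUFFIXES:
            hits += scan_text(str(path.relative_to(root)),
                              path.read_text(errors="replace"))
    return hits

# Constructed samples: a two-tier client's local config and one of its log files.
SAMPLE_CONFIG = """\
; connection settings written by the installer
db_ip = 10.0.0.15
db_port = 1433
db_user = appsvc
db_password = Example-Only-1
license_key = ${LICENSE}
"""
SAMPLE_LOG = """\
2024-01-01 09:00:01 INFO startup complete
2024-01-01 09:00:07 DEBUG login user=alice password=Example-Only-2
"""

if __name__ == "__main__":
    for hit in scan_text("app.ini", SAMPLE_CONFIG) + scan_text("client.log", SAMPLE_LOG):
        print("%s:%d %s key %r stored in clear" % hit)
```

Each finding names the file, line and key only, so the audit report does not become a second copy of the secrets it locates.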
We are all aware of capturing requests and tampering with the parameters for the testing of vulnerabilities in web-based applications. As a result, both the request as well as response modifications play a key role in testing the thick client for vulnerabilities.