
Penetration tests of desktop applications

Your key applications deserve to be secure. We bring you desktop application security solutions to help you maintain customer trust and protect your sensitive data.

Valid from: 23. 08. 2023

Penetration testing of desktop applications

Penetration tests of desktop applications differ from web application penetration tests in many respects. They require thorough knowledge of secure authentication, access authorization and the handling of sensitive data, as well as deep knowledge of programming languages including assembly language, and of disassemblers and debuggers that work directly with opcodes. The result is verification that the application is secure, suitable for production deployment, and free of obvious security weaknesses that could pose a direct risk to the application, its users, and the data itself.

The following is a more detailed list of areas that, based on our long-term experience, tend to be critical from a desktop application security perspective. It is not a complete list, but it gives a clearer idea of the scope and complexity of penetration testing for desktop applications, whether you are developing your own solution or are about to deploy a third-party solution in your environment. We are happy to help and advise you with your security solution.

Source Code Analysis

A combination of static analysis using automated tools and manual code review; Java, C#, or other languages on request.

Critical areas of security

  • The application stores sensitive data in unencrypted form,
  • Files created by the application are assigned excessive access rights,
  • Insufficient server-side input validation,
  • Communication gateway vulnerabilities,
  • Possible DoS tests of the communication gateway,
  • Sensitive data is sent over an unencrypted communication channel,
  • SSL/TLS weaknesses (protocol versions, algorithms, key lengths, certificate validity),
  • A proprietary communication protocol is used,
  • Weaknesses in mutual authentication of the channel,
  • Long timeouts while waiting for a server response,
  • Insufficient client-side input validation,
  • Possibilities to bypass the authentication scheme,
  • Lack of multi-factor authentication,
  • Possibilities of brute-force attacks on authentication data,
  • Weak password policy,
  • Executable files that are not signed,
  • Session tokens not generated with sufficient entropy,
  • Long user session duration,
  • Lack of automatic logout on inactivity,
  • Sensitive information stored in cache memory,
  • Sensitive information stored in log files,
  • Insecure cryptography used for data storage,
  • Executable code contains sensitive data,
  • Sensitive business logic contained in the program,
  • Developer comments left in program files,
  • No code obfuscation is used,
  • Sensitive data left in memory,
  • Application business logic flaws.

Benefits

  • We are one of the most established market leaders.
  • We have extensive experience in the field of desktop application security.
  • Our team consists of specialists with experience from hundreds of sub-projects.
  • We hold eMAPT, CISSP, OSCP, OSCE, CEH and many other supporting certifications.
  • We run our own hacking lab for research in a number of areas dealing with the security of various solutions.
  • We listen to our clients and tailor tests to their relevant needs and time constraints.
  • We follow modern trends in desktop application security.
  • We emphasize a manual approach to testing, which leads to the discovery of more vulnerabilities, especially in the business logic of applications, compared to automated tools.
