Thick Client Application Penetration Testing

  • Course Duration: 30 Hrs.
  • Course Mode: Instructor Led Training
  • Course Fee: ₹ 9300

About The Course

Thick clients are not a new concept, but the penetration testing process for a thick client is not as straightforward as web application penetration testing. A thick client is a client in a client-server network that provides rich functionality independent of the server. In this type of application, the client side handles most of the processing and the server is involved only through aperiodic connections. Many enterprises use thick client applications for their internal operations.
AICouncil designed this course to take you from the basics of thick client applications to the approach needed for penetration testing them. In hands-on sessions you will practice all the requirements for thick client application testing and the steps involved in thick client pentesting.

Key Features

Instructor-led training

Highly interactive instructor-led training

Free lifetime access to recorded classes

Get lifetime access to all recorded classes in your profile

Regular assignment and assessments

Real-time projects after every module

Lifetime accessibility

Lifetime access and free upgrade to the latest version

3 Years of technical support

Lifetime 24/7 technical support and query resolution

Globally Recognized Certification

Get global industry-recognized certifications

Highlights

  • Interception
  • Local Storage
  • Memory Testing
  • Client-side attacks
  • Cracking
  • Network Attacks
  • Decompiling and Reverse Engineering
  • DLL Hijacking Attack

Mode of Learning and Duration

  • Weekdays - 5 to 6 weeks
  • Weekend - 6 to 7 weeks
  • FastTrack - 4 to 5 weeks

 

Course Agenda

  • Overview About Thick Client Application Security Course
  • Introduction to basics of thick client application security
  • Two-Tier architecture
  • Three-Tier architecture
  • Information Gathering Introduction
  • Application Architecture and Identifying the Languages and Frameworks Used
  • Network Communication Between the Client and the Server
  • Use of Sysinternals Suite and commonly used tools
  • Looking for secrets using strings, Process Hacker and checking Configuration
  • Files Analysis
  • Identifying DLL Hijacking Vulnerability
  • Identifying Interesting Files Bundled with the Thick Client Application
  • Binary Analysis
  • Weak Graphical User Interface
  • Memory Analysis
  • Reverse Engineering using dnSpy and cracking database password
  • Recompiling using dnSpy after modification
  • OWASP TOP10 Vulnerabilities
  • Conducting Injection Attack Manually
  • Network Tools overview and demo
  • Intercepting and modifying with Echo Mirage | Burp Suite
  • Packet manipulation and attacking with Scapy
  • Network monitor tool for intercepting process traffic (demo)
  • Explanation of ASLR, DEP and Get-PESecurity demo
  • Checking for Sensitive data in Registry with Regshot
  • BinSkim | BinScope | FxCop demo for developer usage
  • DLL Hijacking with Procmon and Msfvenom
  • PowerSploit to Automate DLL Hijacking
  • Debugging to Bypass Security Controls
  • Debugging with dnSpy for admin login

 

Projects

Problem Statement: - Develop a manual testing process for detecting missing or ineffective access control.

Description: - Exploiting access control is one of the favourite approaches attackers use. Access control weaknesses are detectable by manual means or through automation. The weakness exists primarily because of a lack of automated detection and a lack of effective functional testing by application developers. Manual testing is the best way to detect missing or ineffective access control, including HTTP method (GET or PUT), controller, direct object references, etc.

Problem Statement: - Develop a process to identify any injection flaw in your mobile application.

Description: - Injection flaws are a class of vulnerability that allows a user to break out of the application context. If your application takes user input and inserts it into a back-end database, shell command or operating system call, then your application may be susceptible to an injection flaw. To avoid this, verify that the data is what you expect before calling the external function, i.e. execute a validation function. There are certain exceptions: for example, single quotes (') are valid characters in people's last names. However, if you allow a single quote in a last name field, you can be introducing SQL injection into your application.

Problem Statement: - Make a DoS attack to test any such possible vulnerability

Description: - Denial-of-Service (DoS) is a type of cyber-attack in which an attacker targets a system and interrupts the device's normal functioning. DoS attacks are carried out by flooding a target device with traffic or information, which can trigger a crash. A DoS attack deprives the target's users of the service they expected. You need to test the mobile device against any possible DoS attack and make sure the device can withstand it.

 


Certification

Career Support

We have a dedicated team that takes care of our learners' learning objectives.


FAQ

There is no prerequisite if you are enrolling for the Master's Course, as everything will start from scratch. Whether you are a working IT professional or a fresher, you will find the course well planned and designed to accommodate trainees from various professional backgrounds.

AI Council offers 24/7 query resolution. You can raise a ticket with a dedicated support team and expect a response within 24 Hrs. Email support can resolve most queries, but if yours is still not resolved, we can schedule a one-on-one session with our instructor or dedicated team. You can also contact our support after completing the training. There is no limit on the number of tickets raised.

AI Council provides two different modes of training: one can choose instructor-led training or learning with prerecorded video on demand. We also offer faculty development programs for colleges and schools, and corporate training for organizations and companies to enhance and update the technical skills of their employees. We have highly qualified trainers who have been working in the training industry for a very long time and have delivered sessions and training for top colleges, schools and companies.

We provide 24/7 assistance for the ease of the student. Any query can be raised through the interface itself or communicated through email. If someone is facing difficulties with the methods mentioned above, we can arrange a one-on-one session with the trainer to help with the difficulties faced in learning. You can raise queries throughout the training period as well as after the completion of the training.
AI Council offers you the latest, most appropriate and, most importantly, real-world projects throughout your training period. This lets students gain industry-level experience and convert their learning into solutions by creating the projects. Each training module has tasks or projects designed for the students so that you can evaluate your learning. You will be working on projects related to different industries such as marketing, e-commerce, automation, sales, etc.

Yes, we do provide job assistance so that a learner can apply for a job directly after the completion of the training. We have tie-ups with companies, so when required we refer our students to those companies for interviews. Our team will help you build a good resume and will train you for your job interview.

After the successful completion of the training program and the submission of assignments/quizzes and projects, you have to secure at least a B grade in the qualifying exam, and an AI Council certified certificate will be awarded to you. Every certificate has a unique number through which it can be verified on our site.

To be very professional and transparent: no, we don't guarantee the job. The job assistance will help provide you an opportunity to grab a dream job. The selection depends entirely on the performance of the candidate in the interview and the demand of the recruiter.
Most of our programs offer both modes of training, i.e. instructor-led and self-paced. One can choose either mode depending upon their work schedule. We provide the flexibility to choose the training mode. While registering for courses you will be asked to submit your preferred mode. If a course is not offered in both modes, you can check in which mode the training is running and then register for it. In any case, if you feel you need another training mode, you can contact our team.

Yes, you can definitely opt for multiple courses at a time. We provide flexible timings. If you want to learn different topics while continuing with your hectic daily schedule, our course timings and modes will help you carry on learning.

Whenever you enroll in any of the courses, we will send a notification to your contact details. You will be provided with a unique registration ID, and after successful enrollment all of the courses will be added to your account profile on our website. AI Council provides lifetime access to course content whenever needed.

A Capstone project is the outcome of the culminating learning throughout the academic years. It is the final project that represents your knowledge and efforts in the field of educational learning. The problem can be chosen by the mentor or by the students, who then come up with a solution.

Yes, to obtain the certificate of the diploma programme you have to submit the capstone project.