Thick clients are not a new concept, but the penetration testing process for a thick client is not as straightforward as for a web application. A thick client is a client in a client-server network that provides rich functionality independent of the server: most of the processing happens on the client side, and the client connects to the server only intermittently rather than on every action. Because business logic, input validation and sometimes secrets live on the client, a tester has to look at the binary, its local storage and its network protocol, not only at HTTP traffic. Many enterprises use thick client applications for their internal operations.
AICouncil designed this course to take you from the basics of thick client applications to the approach needed for penetration testing them. In hands-on sessions you will practise setting up everything a thick client test requires and work through each step of a thick client pentest.
Problem Statement: - Develop a manual testing process for detecting missing or ineffective access control.
Description: - Exploiting access control is one of an attacker's favourite approaches. Access control weaknesses are detectable by manual means and, to a lesser extent, through automation; they are common mainly because of the lack of automated detection and the lack of effective functional testing by application developers. Manual testing is the best way to detect missing or ineffective access control: for every object and function, try each HTTP method (GET vs PUT, DELETE, etc.), each controller, and direct object references from a session that should not have access, and confirm that the server denies them rather than relying on checks performed in the client.
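The manual check described above, modelled as code so that each step is explicit (this is an added example, not part of the original course material): a low-privileged session replays every method against another user's object and anything other than a denial is a finding. The API, its invoice objects, user names and tokens are constructed stand-ins for a thick client's back-end; nothing here comes from a real product. The vulnerable version checks ownership on GET only, which is exactly the case where a tester who tried GET alone would miss the flaw.

```python
"""Added example (not part of the original course material): the manual
access-control check described above, modelled as code.  The API, invoice
objects, user names and tokens are constructed stand-ins for a thick client's
back-end; nothing here comes from a real product."""
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: object = None


# Constructed fixtures: two sessions, each user owning one invoice.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


def make_store():
    """Fresh copy of the back-end state, so every probe starts from the same data."""
    return {101: {"owner": "alice", "total": 40}, 102: {"owner": "bob", "total": 99}}


def _handle(store, method, path, token, body, owner_check_methods):
    """Shared routing. `owner_check_methods` lists the methods on which the
    ownership check runs; None means every method (deny by default)."""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)
    try:
        invoice_id = int(path.rsplit("/", 1)[1])
    except ValueError:
        return Response(400)
    inv = store.get(invoice_id)
    if inv is None:
        return Response(404)
    if owner_check_methods is None or method in owner_check_methods:
        if inv["owner"] != user:
            return Response(403)
    if method == "GET":
        return Response(200, inv)
    if method == "PUT":
        inv.update(body or {})
        return Response(200, inv)
    if method == "DELETE":
        del store[invoice_id]
        return Response(204)
    return Response(405)


def vulnerable_api(store, method, path, token, body=None):
    """Checks ownership on GET only: PUT and DELETE were added later without it."""
    return _handle(store, method, path, token, body, owner_check_methods=("GET",))


def fixed_api(store, method, path, token, body=None):
    """Ownership is verified before dispatching on the method, whatever it is."""
    return _handle(store, method, path, token, body, owner_check_methods=None)


def probe_access_control(api, attacker_token, victim_ids, methods=("GET", "PUT", "DELETE")):
    """Replay every (method, object) pair with a session that should NOT have access.
    Any response other than a denial is a finding; a thick client that merely hides
    the button for PUT/DELETE gives no protection against a request built by hand."""
    findings = []
    for obj in victim_ids:
        for method in methods:
            resp = api(make_store(), method, f"/invoices/{obj}", attacker_token, {"total": 0})
            if resp.status < 400:
                findings.append((method, obj, resp.status))
    return findings


if __name__ == "__main__":
    print("vulnerable:", probe_access_control(vulnerable_api, "tok-alice", [102]))
    print("fixed:     ", probe_access_control(fixed_api, "tok-alice", [102]))
```

Against a real thick client the `api` callable is whatever sends the captured request with a swapped session token, and `victim_ids` come from object identifiers observed in the traffic of a second test account.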
Problem Statement: - Develop a process to identify any injection flaw in your mobile application.
Description: - Injection flaws are a class of vulnerability that allow user input to break out of the application context. If your application takes user input and inserts it into a back-end database query, shell command or operating system call, it may be susceptible to an injection flaw. Before calling the external function, verify that the data is what you expect, i.e. run a validation function. There are exceptions: a single quote (') is a valid character in people's last names, so if you allow a single quote in a last-name field and then concatenate that field into SQL, you introduce SQL injection. Validation therefore narrows the attack surface but does not remove it; the query itself must be parameterised so that the data never becomes part of the SQL text.
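The last-name case above, worked through against an in-memory SQLite table (an added example, not code from the course). The table, its rows and the function names are constructed for illustration. It shows the three outcomes a tester should be able to reproduce: concatenation breaks on a legitimate O'Brien, a payload built only from allowlisted characters sails through validation and still turns the WHERE clause into a tautology, and the parameterised query handles both inputs correctly.

```python
"""Added example, not part of the original course text: a last-name lookup
written three ways against an in-memory SQLite table. The table, its rows and
the function names are constructed for illustration."""
import re
import sqlite3


def make_db():
    """Constructed sample data; a real back-end would hold far more."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (last_name, role) VALUES (?, ?)",
        [("Smith", "user"), ("O'Brien", "user"), ("Root", "admin")],
    )
    return conn


def lookup_vulnerable(conn, last_name):
    """String concatenation: a quote in the input changes the query text itself."""
    sql = "SELECT id, last_name, role FROM users WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def breaks_query(conn, last_name):
    """True if the concatenated query is no longer valid SQL for this input."""
    try:
        lookup_vulnerable(conn, last_name)
        return False
    except sqlite3.OperationalError:
        return True


def lookup_parameterised(conn, last_name):
    """The value travels separately from the SQL, so a quote is just a character."""
    return conn.execute(
        "SELECT id, last_name, role FROM users WHERE last_name = ?", (last_name,)
    ).fetchall()


# Allowlist that, as the text says it must, permits the apostrophe in O'Brien.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,63}")


def validate_last_name(value):
    return NAME_RE.fullmatch(value) is not None


def lookup_hardened(conn, last_name):
    """Validation for data quality, parameterisation for the injection defence."""
    if not validate_last_name(last_name):
        raise ValueError("last name rejected by validation")
    return lookup_parameterised(conn, last_name)


# A payload built only from characters the allowlist accepts. It passes
# validation yet turns the concatenated WHERE clause into a tautology.
VALID_LOOKING_PAYLOAD = "x' OR 'a' LIKE 'a"


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterised(db, "O'Brien"))                # one row
    print(breaks_query(db, "O'Brien"))                         # True
    print(validate_last_name(VALID_LOOKING_PAYLOAD))          # True
    print(len(lookup_vulnerable(db, VALID_LOOKING_PAYLOAD)))  # every row
    print(lookup_hardened(db, VALID_LOOKING_PAYLOAD))          # []
```

When testing a thick client, the same three probes apply to every field the client sends: a lone quote (does the server error?), a tautology built from accepted characters (does the result set grow?), and a benign value with a quote (does the application still work?). The first two answered "yes" together mean the server is concatenating.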
Problem Statement: - Carry out a DoS attack to test for any such vulnerability
Description: - Denial-of-Service (DoS) is a type of cyber-attack in which the attacker interrupts a system's normal functioning. DoS attacks are done by flooding a target device with traffic, or by sending it input that triggers a crash or exhausts its resources, and they deprive the target's users of the service they expect. You need to test the mobile device and the application against such attacks: flood its listening ports and endpoints, send oversized and malformed messages, and confirm that the application stays responsive to legitimate users and fails safe rather than crashing.
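A flood test of the kind described above, run in-process against a constructed request handler that stands in for the device under test (an added example, not from the course). The queue size, rate limit, addresses and fake clock are assumptions for illustration. It shows the two results a tester should be able to reproduce: without a limiter, one source fills the work queue and the next legitimate client is refused; with a per-source token bucket, the flood is throttled and the legitimate client is still served.

```python
"""Added example, not from the course: a flood test run in-process against a
constructed request handler standing in for the device under test. The queue
size, rate limit, addresses and fake clock are assumptions for illustration."""
from collections import deque


class FakeClock:
    """Deterministic time source so the refill maths can be checked exactly."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class TokenBucket:
    """Per-source limiter: `rate` tokens per second, at most `burst` stored."""
    def __init__(self, rate, burst, clock):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens, self.last = {}, {}

    def allow(self, src):
        now = self.clock.now()
        refill = (now - self.last.get(src, now)) * self.rate
        tokens = min(self.burst, self.tokens.get(src, self.burst) + refill)
        self.last[src] = now
        if tokens >= 1:
            self.tokens[src] = tokens - 1
            return True
        self.tokens[src] = tokens
        return False


class Service:
    """Handler with a bounded work queue. Without a limiter, a single source can
    fill the queue and every other client is refused: the DoS the text describes."""
    def __init__(self, queue_size, limiter=None):
        self.queue = deque()
        self.queue_size = queue_size
        self.limiter = limiter
        self.throttled = 0

    def handle(self, src, payload):
        if self.limiter is not None and not self.limiter.allow(src):
            self.throttled += 1
            return "429 throttled"
        if len(self.queue) >= self.queue_size:
            return "503 queue full"
        self.queue.append((src, payload))
        return "202 accepted"

    def drain(self, n):
        """Worker completes up to n queued jobs."""
        for _ in range(min(n, len(self.queue))):
            self.queue.popleft()


def flood_test(service, attacker="10.0.0.66", victim="10.0.0.7", packets=1000):
    """Burst `packets` requests from one source, then one legitimate request.
    Returns (accepted_from_attacker, status_seen_by_legitimate_client)."""
    accepted = sum(service.handle(attacker, b"X" * 64) == "202 accepted" for _ in range(packets))
    return accepted, service.handle(victim, b"hello")


if __name__ == "__main__":
    print("unprotected:", flood_test(Service(queue_size=100)))
    clock = FakeClock()
    print("rate limited:", flood_test(Service(100, TokenBucket(rate=10, burst=20, clock=clock))))
```

A limiter keyed on source address is defeated by a distributed flood or spoofed sources, so the test plan should also cover the second half of the description: oversized and malformed messages that make a single request expensive, which no rate limit addresses.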
There are no prerequisites for the Master's Course, as everything starts from scratch. Whether you are a working IT professional or a fresher, you will find the course planned and designed to accommodate trainees from various professional backgrounds.