[Owasp-delhi] Thick client security testing

nileshkumar83 at gmail.com nileshkumar83 at gmail.com
Tue Aug 17 05:45:43 EDT 2010


Rarely the Java clients use HTTP for communication, so MiTM is not possible.
Other way is to Decompile them, perform code review, alter code, recompile
evil client and send custom attacks. You can use Java decompilers such as
jad.

On Tue, Aug 17, 2010 at 10:11 AM, <padmasriramiyer at hsbc.co.in> wrote:

>
> Hi guys,
>
> Can anyone please guide me how to proceed with security testing of Java
> application i.e. a thick client?
>
>
> Best regards,
> *Padma Sriram Iyer*
> Senior Security Analyst
> GLT Information Security Risk
> HSBC Technology and Services - Global Technology
> _______________________________________________________________________
>
> Phone.     91 20 6642 2285
> Tieline.     71 91 20 2285
> Email.       *padmasriramiyer at hsbc.co.in* <padmasriramiyer at hsbc.co.in>
> _______________________________________________________________________
>
> ************************************************************
> HSBC Software Development (India) Pvt Ltd
> HSBC Center Riverside,West Avenue ,
> 25 B Kalyani Nagar Pune  411 006 INDIA
>
> Telephone: +91 20 26683000
> Fax: +91 20 26681030
> ************************************************************
>  -----------------------------------------
> ******************************************************************* This
> e-mail is confidential. It may also be legally privileged. If you are not
> the addressee you may not copy, forward, disclose or use any part of it. If
> you have received this message in error, please delete it and all copies
> from your system and notify the sender immediately by return e-mail.
> Internet communications cannot be guaranteed to be timely, secure, error or
> virus-free. The sender does not accept liability for any errors or
> omissions.
> ******************************************************************* "SAVE
> PAPER - THINK BEFORE YOU PRINT!"
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Thanks & Regards,
Nilesh Kumar,
Engineer-Security Analyst
http://nileshkumar83.blogspot.com
http://linkedin.com/in/nileshkumar83
Mobile- +91-9019076487
*                                    Honeywell*
Honeywell Technology Solutions Lab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100817/307442ae/attachment.html 


More information about the Owasp-delhi mailing list