[Owasp-delhi] Thick client security testing

padmasriramiyer at hsbc.co.in padmasriramiyer at hsbc.co.in
Tue Aug 17 07:40:04 EDT 2010


Firstly, thanks all for the quick responses.

I tried Echo Mirage, Wireshark and ITR, but the scope became very limited. I 
would definitely try out the other options suggested. 

I found another tool, JavaSnoop, but I think we can only snoop a jar file. 
My app is an exe client. Has anybody worked on it? Any suggestions about 
it?


Best regards,
Padma Sriram Iyer 
Senior Security Analyst 
GLT Information Security Risk 
HSBC Technology and Services - Global Technology
_______________________________________________________________________

Phone.     91 20 6642 2285
Tieline.     71 91 20 2285
Email.       padmasriramiyer at hsbc.co.in
_______________________________________________________________________



From: Dharmesh M Mehta <Dharmesh.Mehta at mastek.com>
To: Padma Sriram IYER/ITD GLT/HSDI/HSBC at HSBC03, "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
Date: 17/08/10 04:47 PM
Subject: RE: [Owasp-delhi] Thick client security testing



Hi Padma,
 
I have personally found the Echo Mirage tool useful for security testing of a 
thick client application. 
Like a proxy tool for testing web applications, Echo Mirage can be used to 
intercept and modify the request from the client to the server and perform 
most of your validation-related attacks.
 
 
Thanks & Regards,
 
Dharmesh Mehta, CISSP
Security Specialist - Technology Engineering & Consulting Group
Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646 
Extn - 5469 | Mobile: 91 9730002132
http://smartsecurity.blogspot.com
 
From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of padmasriramiyer at hsbc.co.in
Sent: Tuesday, August 17, 2010 10:11 AM
To: owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
Subject: [Owasp-delhi] Thick client security testing
 

Hi guys, 

Can anyone please guide me on how to proceed with security testing of a Java 
application, i.e. a thick client? 


Best regards, 
Padma Sriram Iyer 


 



