The malicious user can capture the traffic between the thick client and the server. He can then replay it with the modified values. If the server is vulnerable enough, MITM attacks are still possible (although a little difficult) in the case of thick clients.

On Tue, Aug 17, 2010 at 3:15 PM, <nileshkuma...@gmail.com> wrote:

> Rarely the Java clients use HTTP for communication, so MiTM is not
> possible.
> Other way is to Decompile them, perform code review, alter code, recompile
> evil client and send custom attacks. You can use Java decompilers such as
> jad.
>
> On Tue, Aug 17, 2010 at 10:11 AM, <padmasrirami...@hsbc.co.in> wrote:
>
>> Hi guys,
>>
>> Can anyone please guide me how to proceed with security testing of Java
>> application i.e. a thick client?
>>
>> Best regards,
>> Padma Sriram Iyer
>> Senior Security Analyst
>> GLT Information Security Risk
>> HSBC Technology and Services - Global Technology
>
> --
> Thanks & Regards,
> Nilesh Kumar,
> Engineer-Security Analyst
> Honeywell Technology Solutions Lab

--
Gunwant Singh
_______________________________________________
Owasp-delhi mailing list
Owasp-delhi@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi