Cracking A Fat: Breaking Thick Client Software presented at KiwiCon 2007

by Nick von Dadelszen

Tags: Security

Summary: With so much discussion about AJAX and the dangers of client-side logic, many people tend to forget that standard thick client applications form the cornerstone of many businesses. Once you get inside an organisation, thick client applications are everywhere, and are not going away any time soon. This talk will discuss approaches to attacking these types of applications, with a focus on C# and Java. It will start with simpler circumvention techniques, and move through more complicated scenarios to demonstrate common attack methods. The aim of the attacks is not to own the client, since it is assumed you already have full control of this, but to utilise flaws in the client-server architecture to get to the important server-side data underneath.