Learning Desktop Application Security

Asked Oct 10 '23 at 19:24

Active Oct 10 '23 at 19:37

Viewed 83 times

I am familiar with web security but I would like to know more about non-web application security.

I know about memory corruption vulnerabilities like buffer overflow and buffer overread and how serious they are. But how about Java/C# or similar applications, where memory corruption vulnerabilities are far less common.

I'm assuming you could test for all server-side vulnerabilities like SQL-injection or OS-command injection like you test on a web app. I also know that Java/C# apps could be vulnerable to insecure deserialization. But what else could a desktop app pentester check?

Is there any training provider for desktop app security like how it is Portswigger for web security? Is there a methodology or even a checklist of what you could check?

edited Oct 10 '23 at 19:37

schroeder

129,372
55
299
340

asked Oct 10 '23 at 19:24

Frixos Kallenos

1

You mean like: https://owasp.org/www-project-desktop-app-security-top-10/ I googled "pentest desktop application" and got a ton of hits for articles, frameworks, andd courses. – schroeder Oct 10 '23 at 19:39
It turns out that I was actually asking about what's called "Thick Client Security". The best resource that I found is the following: Thick Client Penetration Testing Methodology – Frixos Kallenos Oct 29 '23 at 10:38

Learning Desktop Application Security

0 Answers0