THICK CLIENT
PENTESTING CHECKLIST
OWASP Based Checklist 🌟🌟
80+ Test Cases 🚀🚀
INFORMATION GATHERING
1. Information Gathering
☐ Find out the application architecture (two-tier or three-tier)
☐ Find out the technologies used (languages and frameworks)
☐ Identify network communication
☐ Observe the application process
☐ Observe each functionality and behavior of the application
☐ Identify all the entry points
☐ Analyze the security mechanism (authorization and authentication)
2. Tools Used
☐ CFF Explorer
☐ Sysinternals Suite
☐ Wireshark
☐ PEid
☐ Detect It Easy (DIE)
☐ Strings
GUI TESTING
1. Test For GUI Object Permission
☐ Display hidden form object
☐ Try to activate disabled functionalities
☐ Try to uncover the masked password
2. Test GUI Content
☐ Look for sensitive information
3. Test For GUI Logic
☐ Try for access control and injection-based vulnerabilities
☐ Bypass controls by utilizing intended GUI functionality
☐ Check improper error handling
☐ Check weak input sanitization
☐ Try privilege escalation (unlocking admin features to normal users)
☐ Try payment manipulation
4. Tools Used
☐ UISpy
☐ Winspy++
☐ Window Detective
☐ Snoop WPF
FILE TESTING
1. Test For Files Permission
☐ Check permission for each and every file and folder
2. Test For File Continuity
☐ Check strong naming
☐ Authenticate code signing
3. Test For File Content Debugging
☐ Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
☐ Look for sensitive information on the config file
☐ Look for hardcoded encryption data
☐ Look for clear text storage of sensitive data
☐ Look for side-channel data leakage
☐ Look for unreliable log
4. Test For File And Content Manipulation
☐ Try framework backdooring
☐ Try DLL preloading
☐ Perform race condition check
☐ Test for files and content replacement
☐ Test for Client-side protection bypass using reverse engineering
5. Test For Function Exported
☐ Try to find the exported functions
☐ Try to use the exported functions without authentication
6. Test For Public Methods
☐ Make a wrapper to gain access to public methods without authentication
7. Test For Decompile And Application Rebuild
☐ Try to recover the original source code, passwords, keys
☐ Try to decompile the application
☐ Try to rebuild the application
☐ Try to patch the application
8. Test For Decryption And Deobfuscation
☐ Try to recover original source code
☐ Try to retrieve passwords and keys
☐ Test for lack of obfuscation
9. Test For Disassemble And Reassemble
☐ Try to build a patched assembly
10. Tools Used
☐ Strings
☐ dnSpy
☐ Procmon
☐ Process Explorer
☐ Process Hacker
REGISTRY TESTING
1. Test For Registry Permissions
☐ Check read access to the registry keys
☐ Check write access to the registry keys
2. Test For Registry Contents
☐ Inspect the registry contents
☐ Check for sensitive info stored on the registry
☐ Compare the registry before and after executing the application
3. Test For Registry Manipulation
☐ Try for registry manipulation
☐ Try to bypass authentication by registry manipulation
☐ Try to bypass authorization by registry manipulation
4. Tools Used
☐ Regshot
☐ Procmon
☐ AccessEnum
NETWORK TESTING
1. Test For Network
☐ Check for sensitive data in transit
☐ Try to bypass firewall rules
☐ Try to manipulate network traffic
2. Tools Used
☐ Wireshark
☐ TCPView
ASSEMBLY TESTING
1. Test For Assembly
☐ Verify Address Space Layout Randomization (ASLR)
☐ Verify SafeSEH
☐ Verify Data Execution Prevention (DEP)
☐ Verify strong naming
☐ Verify Control Flow Guard (CFG)
☐ Verify High Entropy VA
2. Tools Used
☐ PESecurity
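As an added example (not from the checklist's author and not PESecurity's own code), the following Python reads the DllCharacteristics field of a PE optional header to verify the ASLR, DEP, CFG and High Entropy VA items above on any Windows executable or DLL; SafeSEH and strong naming live elsewhere (the load configuration table and the .NET metadata) and are not covered. The build_stub helper and its output are constructed headers for testing, not a real binary.

```python
import struct

# DllCharacteristics bits of the PE optional header (PE/COFF specification).
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE    = 0x0040   # image may be relocated: ASLR
NX_COMPAT       = 0x0100   # DEP / NX compatible
GUARD_CF        = 0x4000   # Control Flow Guard instrumented

def pe_hardening(data: bytes) -> dict:
    """Read the opt-in mitigation flags from a PE image's optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                       # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at +70 in both the PE32 and the PE32+ optional header
    flags = struct.unpack_from("<H", data, opt + 70)[0]
    is64 = magic == 0x20B
    aslr = bool(flags & DYNAMIC_BASE)
    return {
        "64bit": is64,
        "aslr": aslr,
        "dep": bool(flags & NX_COMPAT),
        "cfg": bool(flags & GUARD_CF),
        # the high-entropy bit only takes effect for a 64-bit image that also has ASLR
        "high_entropy_va": is64 and aslr and bool(flags & HIGH_ENTROPY_VA),
    }

def missing_mitigations(data: bytes) -> list:
    """Checklist view: names of the mitigations the image does not opt into."""
    h = pe_hardening(data)
    return [k for k in ("aslr", "dep", "cfg", "high_entropy_va") if not h[k]]

def build_stub(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal DOS/COFF/optional headers for testing; not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    machine = 0x8664 if pe32plus else 0x14C                         # x64 / i386
    opt_size = 112 if pe32plus else 96
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # optional header magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

For a real target, pass the file contents (open(path, "rb").read()) to missing_mitigations(); an empty list means all four flags are set.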
MEMORY TESTING
1. Test For Memory Content
☐ Check for sensitive data stored in memory
2. Test For Memory Manipulation
☐ Try for memory manipulation
☐ Try to bypass authentication by memory manipulation
☐ Try to bypass authorization by memory manipulation
3. Test For Run Time Manipulation
☐ Try to analyze the dump file
☐ Check for process replacement
☐ Check for modifying assembly in the memory
☐ Try to debug the application
☐ Try to identify dangerous functions
☐ Use breakpoints to test each and every functionality
4. Tools Used
☐ Process Hacker
☐ HxD
☐ Strings
TRAFFIC TESTING
1. Test For Traffic
☐ Analyze the flow of network traffic
☐ Try to find sensitive data in transit
2. Tools Used
☐ Echo Mirage
☐ MITM Relay
☐ Burp Suite
COMMON VULNERABILITIES TESTING
1. Test For Common Vulnerabilities
☐ Try to decompile the application
☐ Try reverse engineering
☐ Try to test with OWASP Web Top 10
☐ Try to test with OWASP API Top 10
☐ Test for DLL hijacking
☐ Test for signature checks (use Sigcheck)
☐ Test for binary analysis (use BinScope)
☐ Test for business logic errors
☐ Test for TCP/UDP attacks
☐ Test with automated scanning tools (use Visual Code Grepper - VCG)