In-House Application Security

In-House & Desktop Application Penetration Testing

To increase productivity and automate business processes and procedures, you may have developed various desktop applications that your employees use. These software applications can aid in accounting, HR operations, sales and marketing, or even IT operations. However, if these applications were not developed using secure methods and security best practices, they are likely to contain serious security vulnerabilities that can cause significant damage to your business. Therefore, it is important to thoroughly pentest your desktop applications before deploying them in a production environment. The following is a list of the most common software vulnerabilities:

  • OS command injection
  • Buffer overflows
  • Improper authentication
  • Improper authorization
  • Improper encryption schemes
  • Unrestricted file upload
  • Path traversal
  • Open redirect
  • Format string
  • Integer overflows

During desktop application penetration testing, our information security professionals play the role of hackers and attempt to break into the software application, revealing all exploitable vulnerabilities. This type of penetration testing relies not only on automated tools but also on manual analysis and verification. A typical desktop application penetration test involves the following steps:

  • Information gathering.
  • Assessing the business logic.
  • Source code analysis.
  • Assessing configuration and deployment management.
  • Testing input validation.
  • Testing error handling.
  • Assessing authentication schemes.
  • Assessing authorization schemes.
  • Assessing encryption schemes.

After the penetration test is done, we deliver a comprehensive and detailed report outlining all the undertaken steps along with the discovered vulnerabilities. The vulnerabilities are classified according to their associated risk, that is, high-risk, medium-risk, and low-risk. The report includes recommendations on how to practically close those vulnerabilities. Finally, the report includes an executive section for managers and non-technical executives.