Desktop Application Penetration Testing

Verify the security posture of your desktop applications against real cyber attacks and repair the vulnerabilities before a breach can happen.

Rich Desktop Application Pentest

.NET, C/C++, Microsoft Silverlight, Java applets and other types of desktop applications require thorough testing in order to be secured due to their size and the complexity of their technologies.

Drawing on both our ethical hacking and software development experience, we report the high-risk vulnerabilities in clients' applications and recommend optimum solutions to secure them.

Our Methodology

CTD’s approach to desktop and thick client assessments includes reviewing how the application reacts to common input attacks, server-side controls, data communication paths and potential client-related issues.

Static Testing

Search for sensitive information disclosures & decompile to source code where possible

Analyzing config files: reveals URLs, server credentials, cryptographic keys, hard-coded passwords

Reverse engineering: using reversing tools, executable files and JAR files can be decompiled, then modified and repackaged.

Dynamic Testing

Attempt to inject and bypass authentication controls & review data communications functionality

Input Validation: SQL Injection, Malicious Input acceptance, Command Injection

Buffer overflow, file upload, business logic validations, error handling/info leakage, session management, log tampering

Server-side Testing

Identify potential for denial of service (DoS) attacks

Vulnerabilities specific to web servers: directory traversal, command injection, remote code execution, SQL injection, sensitive file exposure, web server misconfiguration exploitation

API/web services testing: authorization, IDOR, injections and exploits, API business logic bypass such as skipping payments, API misconfigurations

System Testing

Review files, registry entries, memory for sensitive information

Exfiltration of sensitive data from memory: applications store usernames, tokens, passwords, encryption keys and unencrypted sensitive data in memory. Such information is important for compromising the application.

DLL hijacking: replacing the actual DLLs with a malicious file and bypassing protection mechanisms

Certified Ethical Hackers with Software Developer background

Our background as software developers will help you choose the best solutions for patching your vulnerabilities.

Andrei Pusoiu
Daniel Ciobanu, Co-Founder, CEH Certified Cyber Security Engineer
Alexandru Armean, Security Manager, CISM Certification
Veronica Mihaiu, OSCP Certified Cyber Security Engineer
Razvan Furdui, OSCP Certified Cyber Security Engineer

Certifications: Offensive Security OSCP, Certified Ethical Hacker, CISM, GIAC GPEN certified penetration tester

We are a security consulting company, founded by senior penetration testers and security managers, offering certified cyber security services of the highest possible quality for clients in EMEA and the Middle East.

Who recommends us

The team is very professional, even going the extra mile caring for customer needs and all the details of the collaboration. This attention to detail both for the human factor and the technical expertise motivated me to have the ongoing project and wish to maintain this for the foreseeable future.
Catalin Priscornita
CEO, Blitz.ro
Cyber Threat Defense has been a valuable partner in securing our software. Their outside-the-box perspective has pointed us to attack scenarios that we are now paying more attention to.
I recommend CTD. They will certainly improve the level of security in your company.
Adrian Andreias
CEO, hosterion.com

Get a quote today

Get a free, no obligation quote today by filling out the form below.

info@ctdefense.com
+40 770 348 361

Cyber Threat Defense - Brand of CT Defense SRL