Relying on scanning and automation tooling is simply not enough to assess a binary application’s resistance to attacks and exposure to threats.
Binary applications involve both client- and server-side processing and cannot easily be proxied using tooling, so they require a different approach. Testing complex binary applications in large and interconnected computing environments requires a sophisticated approach.
Binary client security assessments are divided into four testing stages:
Static
The application binary is decompiled, analysed and tested for code injection by attempting to include malicious code, such as a backdoor or logic bomb, which affects the integrity of the application. In addition to code injection, testing looks to ensure that sensitive data residing in the client binary, such as plaintext credentials, API keys or other sensitive client-server information, is obfuscated.
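One way to run the plaintext-secret check from the static stage, shown as an added example rather than the vendor's own tooling: it extracts ASCII and UTF-16LE strings from a binary and flags credential-like patterns. The rule set, function names and sample bytes are constructed for illustration.

```python
import re

# Constructed sample standing in for a client binary (not from a real application).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Server=db01.example.internal;User Id=svc_app;Password=EXAMPLE-ONLY;\x00\x00\x01"
    + "api_key=EXAMPLE0000PLACEHOLDER".encode("utf-16-le") + b"\x00\x00"
    + b"\x90\x90connect_timeout\x00GetProcAddress\x00"
)

# Printable runs of 6+ characters. Windows clients often store strings as
# UTF-16LE, which an ASCII-only pass would miss.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Illustrative rules (assumptions, not an exhaustive or standard set).
RULES = {
    "connection-string password": re.compile(r"(?i)\b(?:password|pwd)\s*=\s*[^;\s]+"),
    "api key assignment": re.compile(r"(?i)\bapi[_-]?key\s*[=:]\s*\S+"),
    "authorization header": re.compile(r"(?i)\bauthorization:\s*(?:basic|bearer)\s+\S+"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def extract_strings(data):
    """Yield (offset, encoding, text) for each printable run in the binary."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_plaintext_secrets(data):
    """Return findings sorted by offset: (offset, encoding, rule, matched text)."""
    findings = []
    for offset, encoding, text in extract_strings(data):
        for rule, pattern in RULES.items():
            hit = pattern.search(text)
            if hit:
                findings.append((offset, encoding, rule, hit.group()))
    return sorted(findings)


if __name__ == "__main__":
    for offset, encoding, rule, text in find_plaintext_secrets(SAMPLE):
        print(f"0x{offset:06x} [{encoding}] {rule}: {text}")
```

A finding here means the value is recoverable with nothing more than a strings pass; an empty result only shows that these specific patterns are absent, not that the binary holds no secrets.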
Dynamic
Tests identify and then interact with the application’s attack surfaces. Common vulnerabilities which arise from input validation flaws, such as SQL injection, OS command injection, file uploads, buffer overflow and log poisoning, are identified. Broken authentication and session management is also a common vulnerability to be identified in this phase. A dynamic test of a binary application does not differ much from that of a web app.
System
Interactions between the application and the operating system are observed and tested by extracting and analysing RAM to identify any sensitive information in plain text. Privilege levels or permissions on the files and directories used by the thick client will also be reviewed for any vulnerabilities.
Network
Tests the communication between client and server, verifying that no sensitive data is transferred over an unencrypted or weak protocol. The SSL/TLS configuration is reviewed as part of the process, identifying any weak cipher suites, deprecated protocols and other misconfigurations.
Our years of experience securing complex binary applications across financial services, energy and government mean we are better placed to ensure your applications are well protected from attackers.