Software that is more secure.
Get your software hacked.
Thick Client Applications
Strong security for both the server and application.
Test your thick client applications with an independent third party.
Desktop applications face a completely different set of threats. Since they run on the user's local machine, the entirety of their code and data is reachable by the user, and by any attacker with access to that machine.
It is therefore often vital that the application implements its own protective measures around any sensitive data stored, permanently or temporarily, on the client computer, which has to be treated as a potentially compromised runtime environment. Code review, reverse engineering, and both static and dynamic security testing of desktop applications are possible regardless of platform.
Our insight.
- Do you know the risks you face while using Docker?
- Did you know that some security guards are watching and yet can't see a thing? We use appropriate camouflage and props to execute our scenarios.
- The most commonly used port for data exfiltration is port 53.
- A camera remotely launched by a hacker does not make a distinctive sound when a picture is taken.
- The top prize for a malicious hacker is your system's resources (processor time, disk, connectivity); your data is a nice bonus.
- Improperly configured database user roles are a blessing for an attacker. Make sure you follow the principles of least privilege and implicit deny to create a strong access control policy.
- One of the first points of interest for an attacker will be backups. Treat them as being as valuable as live data and make sure they have at least the same level of security.
- Did you consider that your knock-off camera system could come bundled with intentionally designed backdoors straight off the production line?
- It takes less than an hour to run a complex 140 GB dictionary attack on a password hash. It only takes a web browser to download the RockYou dictionary. Do not let your users have dictionary-based passwords.
- You use an ORM in 98% of database interactions? We will find those 2% and hack you right there!
- Inter-process communication on newer Android platforms is a killer feature! Until you pass around OAuth refresh tokens to anyone knowing your package name. No authentication, just like that!
- Sometimes the deadliest security holes lie not within technology but in application logic. Are you confident in your password reset functionality? We have seen password resets relying on randomly generated secret user identifiers. Sounds great! Until you discover that they inadvertently leak in a fringe functionality of the system.
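As an added example of enforcing the "do not let your users have dictionary-based passwords" point (this is illustrative code written for this page, not insighti's own tooling): a registration-time check that rejects passwords a cracker's wordlist plus the usual cheap mangling rules would reach. The six-word wordlist is a constructed stand-in for RockYou, which is not included here; the class name, the `from_file` loader and the 12-character minimum are assumptions.

```python
import re
import unicodedata

# Constructed stand-in for a real cracking wordlist such as RockYou (the file itself is
# not included here; a real deployment loads it with DictionaryCheck.from_file).
SAMPLE_WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty", "welcome"]

# The substitutions every cracking rule set tries first.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})


def _strip_ends(s: str) -> str:
    """Drop the digits and symbols users bolt onto a word: 'Sunshine2024', '2024welcome!'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidates(password: str) -> set:
    """Forms of the password that one or two cracking rules would reach."""
    p = unicodedata.normalize("NFKC", password).lower()
    return {
        _strip_ends(p),                              # 'Sunshine2024'  -> 'sunshine'
        _strip_ends(p.translate(LEET)),              # 'w3lc0me'       -> 'welcome'
        _strip_ends(_strip_ends(p).translate(LEET)), # 'P@ssw0rd123!'  -> 'password'
    }


class DictionaryCheck:
    def __init__(self, words, min_length=12):
        # short words produce too many false positives as substrings, so skip them
        self.words = {w.strip().lower() for w in words if len(w.strip()) >= 4}
        self.min_length = min_length

    @classmethod
    def from_file(cls, path, **kw):
        # e.g. DictionaryCheck.from_file("/path/to/rockyou.txt")  (path is a placeholder)
        with open(path, encoding="utf-8", errors="ignore") as fh:
            return cls(fh, **kw)

    def is_dictionary_based(self, password: str) -> bool:
        for core in candidates(password):
            if core in self.words:
                return True
            # a dictionary word making up at least half of the password ('sunshinexyz')
            if any(w in core and 2 * len(w) >= len(core) for w in self.words):
                return True
        return False

    def check(self, password: str):
        """Return (accepted, reason), the way a registration or reset form would use it."""
        if len(password) < self.min_length:
            return False, f"shorter than {self.min_length} characters"
        if not any(c.isalpha() for c in password):
            return False, "contains no letters"
        if self.is_dictionary_based(password):
            return False, "based on a dictionary word"
        return True, "ok"


if __name__ == "__main__":
    chk = DictionaryCheck(SAMPLE_WORDLIST)
    for pw in ["P@ssw0rd123!", "Sunshine2024", "short1", "correct horse battery staple"]:
        print(f"{pw!r}: {chk.check(pw)}")
```

The check normalises before comparing because a cracker does the same in reverse: the "rules" stage of a dictionary attack tries case changes, leet substitutions and appended digits for every word, so "P@ssw0rd123!" costs an attacker no more than "password". A passphrase of unrelated words passes, since no single entry dominates it.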
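To show what "those 2%" outside the ORM look like in practice, here is an added example (illustrative code written for this page, not insighti's or any client's code): the same lookup written once with string-built SQL and once as a parameterised query, run against a constructed in-memory SQLite table, followed by a deliberately simple source scan that flags `execute()` calls whose SQL is assembled from strings. The table, function and sample-source names are assumptions.

```python
import re
import sqlite3


# Constructed in-memory database standing in for the one table the ORM does not cover.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)")
    con.executemany("INSERT INTO users (username, is_admin) VALUES (?, ?)",
                    [("alice", 0), ("bob", 0), ("root", 1)])
    con.commit()
    return con


def lookup_unsafe(con, username):
    """The remaining 2%: SQL assembled from user input by string formatting.
    Kept here only to contrast with the hardened version below."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in con.execute(sql)]


def lookup_safe(con, username):
    """Parameterised query: the statement text is fixed and the value travels
    separately, so input can never change the query's structure."""
    rows = con.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


# Finding the 2% before a tester does: a deliberately simple scan for execute()
# calls whose SQL is built with an f-string, concatenation, %-formatting or .format().
SQL_BUILD_PATTERN = re.compile(
    r'''execute\w*\(\s*(?:f["']|["'][^"']*["']\s*(?:\+|%|\.format))'''
)


def find_string_built_sql(source: str):
    """Return 1-based line numbers of execute() calls whose SQL is built from strings."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SQL_BUILD_PATTERN.search(line)]


# Constructed sample source: lines 1, 2 and 4 build SQL from input; line 3 is parameterised.
SAMPLE_SOURCE = '''cur.execute(f"SELECT * FROM t WHERE id = {uid}")
cur.execute("SELECT * FROM t WHERE id = " + uid)
cur.execute("SELECT * FROM t WHERE id = ?", (uid,))
cur.execute("SELECT * FROM t WHERE id = %s" % uid)
'''


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # the textbook tautology that turns a lookup into a full dump
    print("unsafe:", lookup_unsafe(db, probe))   # every user, including root
    print("safe:  ", lookup_safe(db, probe))     # [] - no such username
    print("string-built SQL on lines:", find_string_built_sql(SAMPLE_SOURCE))
```

The scan only catches the obvious one-line cases (SQL built on a separate line and then passed in, as `lookup_unsafe` does, slips past it), which is exactly why a code review or a real static analyser is still needed; it is a cheap first pass to run on the code paths a quick grep for ORM usage would not cover.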
Services for thick client applications.
Frequently asked, always answered.
The simplest way to estimate a project and build a quote is by having someone from our team take a quick look at the environment to determine the size of the scope. We have found that this gives the most accurate result for the quoting process and allows the project to include the desired scope without being overpriced.
A penetration test is a security verification technique that attempts to find and exploit security vulnerabilities with the intent to improve or prove the security of a system. This often includes the manual work of designing and planning attack vectors that can combine one or more discovered vulnerabilities or known pieces of information. A vulnerability scan finds known vulnerabilities but cannot combine or exploit them to further verify the security of a system.
A report includes the list of vulnerabilities discovered, each with a severity rating. Additionally, there is a managerial summary which outlines how these vulnerabilities correspond to business risk, and a technical write-up so that developers can reproduce and correct the issues.
Yes, insighti is able to, with permission, review and evaluate the security of third-party solutions. This allows our clients to make an informed decision about which solution to use based on the pros and cons of each.