Thick Client Testing Toolkit Part 4 – Tools & Testing Techniques: Local Storage and Memory Testing

By Muhammed Noushad K

March 7, 2016

Local Storage and Memory Testing

Unlike web applications, thick clients tend to write and modify files and registry entries on the local machine. These files and registry entries often contain sensitive data such as usernames, passwords, license keys, database credentials and cryptographic keys.

If an adversary gains access to the sensitive data saved in these files and registry entries, the application can be compromised. To evaluate how the application handles sensitive data, we first need to identify and monitor the files and registry entries the application creates and modifies, which can be done with the Sysinternals tool Process Monitor.

Process Monitor:

Process Monitor records the activity of a thick client application on the local machine: it shows real-time file system, registry and process/thread activity. By default it captures the activity of every running process; with suitable filters (for example, Process Name is the client's executable, combined with Operation is RegSetValue or WriteFile) it shows only the file system, registry and process/thread activity of the process under test. Once the interesting writes are known, open the resulting files and registry values and check whether the data is stored in plaintext or with a weak, reversible encoding. The following screenshots show the activities of Google Talk as monitored by Process Monitor.

Registry Activity Filter:

[Screenshot thick client 4_1: Process Monitor with a registry activity filter applied to Google Talk]

File System Activity Filter:

[Screenshot thick client 4_2: Process Monitor with a file system activity filter applied to Google Talk]
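As an added example (not part of the original article or of Process Monitor itself), the following Python script answers the same question from a Procmon capture once it has been saved as CSV: which paths the client writes to, and which of those look like they hold a secret. The sample log, the process name client.exe and the vendor paths in it are constructed for the example; the column names are Procmon's default CSV export columns.

```python
"""Triage a Process Monitor CSV export for writes that may persist secrets.

Added example for this article; it is not part of Process Monitor or the original
post. It assumes the log was exported from Procmon with the default CSV columns
(Time of Day, Process Name, PID, Operation, Path, Result, Detail). One way to
produce such a log from the command line (Procmon switches, not this script):
  procmon /AcceptEula /Quiet /Minimized /BackingFile capture.pml
  ... exercise the client (log in, save settings, activate a licence) ...
  procmon /Terminate
  procmon /OpenLog capture.pml /SaveAs capture.csv
"""
import csv
import io
import re

# Operations that put data on disk or in the registry. Reads are deliberately
# excluded: the question is where the client writes secrets, not where it looks.
WRITE_OPS = {"RegSetValue", "RegCreateKey", "WriteFile"}

# CreateFile is also how files are opened for plain reads; only count opens that
# request write access in the "Desired Access:" part of the Detail column.
CREATE_WRITE_ACCESS = re.compile(r"Generic Write|Generic All|Write Data")

# Path fragments that deserve a first look. Assumption-based list; extend per target.
SENSITIVE_PATH = re.compile(
    r"password|passwd|pwd|\bpw\b|credential|account|licen[cs]e|token|secret|api[_-]?key", re.I
)

def parse_procmon_csv(text: str):
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def is_write(row, process_name: str) -> bool:
    """True for a successful operation by process_name that persists data."""
    if row["Process Name"].lower() != process_name.lower() or row["Result"] != "SUCCESS":
        return False
    op = row["Operation"]
    if op in WRITE_OPS:
        return True
    if op == "CreateFile":
        # Only look at the Desired Access part; ShareMode may also say "Write".
        desired = row["Detail"].split("Disposition:")[0]
        return CREATE_WRITE_ACCESS.search(desired) is not None
    return False

def write_inventory(rows, process_name: str):
    """Map each path written by process_name to the sorted list of write operations seen."""
    inventory = {}
    for row in rows:
        if is_write(row, process_name):
            inventory.setdefault(row["Path"], set()).add(row["Operation"])
    return {path: sorted(ops) for path, ops in inventory.items()}

def flag_sensitive(inventory):
    """Paths from the inventory whose name suggests a secret; inspect these first."""
    return sorted(path for path in inventory if SENSITIVE_PATH.search(path))

def registry_data_written(rows, process_name: str):
    """(path, data) pairs for RegSetValue calls, from the Data: field Procmon records."""
    out = []
    for row in rows:
        if is_write(row, process_name) and row["Operation"] == "RegSetValue":
            m = re.search(r"Data: (.*)$", row["Detail"])
            out.append((row["Path"], m.group(1) if m else ""))
    return out

# Constructed sample export (not a real capture). Backslashes are literal, hence the raw string.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","client.exe","1234","RegSetValue","HKCU\Software\Vendor\Client\Accounts\user@example.com\pw","SUCCESS","Type: REG_SZ, Length: 16, Data: hunter2"
"10:01:02.1240000","client.exe","1234","RegQueryValue","HKCU\Software\Vendor\Client\Options\autostart","NAME NOT FOUND","Length: 144"
"10:01:03.0001000","client.exe","1234","CreateFile","C:\Users\tester\AppData\Local\Vendor\Client\config.ini","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"10:01:03.0010000","client.exe","1234","WriteFile","C:\Users\tester\AppData\Local\Vendor\Client\config.ini","SUCCESS","Offset: 0, Length: 62"
"10:01:03.0020000","client.exe","1234","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:01:03.0030000","explorer.exe","800","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\password_hint","SUCCESS","Type: REG_SZ, Length: 8, Data: x"
"10:01:04.5000000","client.exe","1234","WriteFile","C:\Users\tester\AppData\Local\Temp\client.log","SUCCESS","Offset: 0, Length: 10"
'''

if __name__ == "__main__":
    rows = parse_procmon_csv(SAMPLE_LOG)
    inventory = write_inventory(rows, "client.exe")
    for path, ops in inventory.items():
        mark = "!" if SENSITIVE_PATH.search(path) else " "
        print(f"{mark} {path}  {ops}")
    for path, data in registry_data_written(rows, "client.exe"):
        print(f"registry value {path} = {data!r}")
```

Working from the CSV instead of scrolling the GUI scales to captures with hundreds of thousands of events. The Detail column is what separates a CreateFile that merely maps a DLL from one that overwrites a config file (the sample's ntdll.dll open is dropped even though its ShareMode mentions Write), and the Data: field of RegSetValue often shows the secret itself without opening regedit. One caveat: a filter on the client's process name alone misses writes made on its behalf by a helper, installer or service; widen the filter to the parent/child tree when the client spawns other processes.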

Memory testing

Both web and thick client applications hold data in memory (RAM) while processing it. Some applications keep sensitive information such as user credentials, cryptographic keys or sensitive user data in memory in plaintext, and may leave it there after it is no longer needed. An attacker with access to the machine can read it with a hex editor that can open process memory, such as WinHex or HxD, or from a dump of the process. Applications that must hold secrets in memory should keep them there as briefly as possible and overwrite the buffer once it is no longer needed.

The following screenshots show that the user credentials entered into Yahoo Messenger can be read from its process memory with WinHex and HxD.

WinHex:

[Screenshot thick client 4_3: WinHex showing the Yahoo Messenger credentials in process memory]

HxD:

[Screenshot thick client 4_4: HxD showing the Yahoo Messenger credentials in process memory]
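The search the screenshots show interactively can also be scripted. The following Python is an added example, not code from the original article or from WinHex or HxD. It scans a memory image as a byte string, so the input can be a process dump written by Sysinternals ProcDump (procdump -ma <pid> writes a full-memory dump) or by Task Manager's "Create dump file"; the sample dump, the field labels it looks for and the credentials in it are constructed for the example.

```python
"""Search a memory image for plaintext credentials in the encodings Windows clients use.

Added example for this article, not code from the original post or from WinHex/HxD.
It operates on bytes, so the input can be a process dump file (for example one written
by Sysinternals ProcDump with "procdump -ma <pid>") or any other memory image.
"""
import re
import sys

def encodings_of(needle: str):
    """Byte forms a string takes in a process: UTF-8/ASCII, and UTF-16LE, which is what
    the Win32 'W' APIs, .NET and most Windows GUI toolkits hold strings in."""
    return {"ascii": needle.encode("utf-8"), "utf-16le": needle.encode("utf-16-le")}

def find_string(dump: bytes, needle: str):
    """[(offset, encoding)] for every occurrence of a known value, e.g. the password
    you just typed into the login dialog. Finding it at all is the finding."""
    hits = []
    for enc, pattern in encodings_of(needle).items():
        start = 0
        while (pos := dump.find(pattern, start)) != -1:
            hits.append((pos, enc))
            start = pos + 1
    return sorted(hits)

def extract_strings(dump: bytes, min_len: int = 6):
    """Printable runs in both encodings, like the 'strings' tool: [(offset, encoding, text)]."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_run.finditer(dump)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_run.finditer(dump)]
    return sorted(found)

# Field labels that typically sit right before a secret in config text, form data
# and serialized objects. Assumption-based list; add the target's own field names.
LABEL_RE = re.compile(r"""(?i)(password|passwd|pwd|pass|secret|token)\s*[=:]\s*([^\s<>"']{1,64})""")

def carve_credentials(dump: bytes):
    """When the value is unknown: [(offset, encoding, label, value)] for labelled secrets."""
    return [(off, enc, m.group(1), m.group(2))
            for off, enc, text in extract_strings(dump)
            for m in LABEL_RE.finditer(text)]

def hexdump_line(dump: bytes, offset: int, width: int = 16) -> str:
    """One hex-editor style line starting at offset, as WinHex or HxD would display it."""
    chunk = dump[offset:offset + width]
    hexpart = " ".join(f"{b:02x}" for b in chunk)
    asc = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
    return f"{offset:08x}  {hexpart:<{width * 3}} {asc}"

def scan_dump_file(path: str):
    """Run the carving pass over a dump file on disk."""
    with open(path, "rb") as f:
        return carve_credentials(f.read())

# Constructed stand-in for a process dump (not a real capture): a config-style fragment
# in ASCII, some non-printable filler, and a UTF-16LE string as a dialog control holds it.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"<login user=alice password=Tr0ub4dor&3>\x00"
    + b"\x01\x02\x7f\x80" * 4
    + "Password: hunter2".encode("utf-16-le") + b"\x00\x00"
    + b"\x90" * 8
)

if __name__ == "__main__":
    dump = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for off, enc, label, value in carve_credentials(dump):
        print(f"{label}={value!r} ({enc})")
        print("    " + hexdump_line(dump, off))
```

Search both encodings: a password typed into a Windows dialog is held in UTF-16LE, and a plain ASCII search for it comes back empty. A hit proves the secret was in memory at the moment the dump was taken, which is the finding to report together with how long after use it was still there; reading the memory of another user's process requires the corresponding privileges on the machine.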

About the Author

Muhammed Noushad K. is an EC-Council Certified Security Analyst (ECSA) who has worked in information security for the past five years. He has rich experience in application security and secure code review. Currently, he is employed as a Security Researcher at Paladion Networks, an information security organization providing security services for corporate organizations in India, Malaysia, the Middle East and the USA. Paladion's mission is to harness global technologies to deliver trusted solutions for creating a secure business environment.
