Desktop Application Security Assessment
Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic
A desktop application security assessment of your Windows, macOS or UNIX binary application ensures that no vulnerabilities are present that could affect the security of the application data or of user workstations.
Desktop applications can present a unique set of security and data protection risks if not correctly designed and secured. Physical access to desktop devices is generally easier to achieve in office environments and if the device is left unlocked or unattended an unauthorised individual could access or change data within the application.
Our Desktop Application Security Assessment will consider both the technical security measures within the software and the design features of the overall architecture to ensure that data is secure from theft, interception or tampering when stored and processed on an end-user’s workstation and when the application communicates with other services or APIs. We will also validate that a malicious user cannot abuse the application to gain privileged access to the underlying operating system and that application users can only perform the actions to which they have been granted permission.
What types of vulnerabilities can a Desktop Application Security Assessment identify?
Conducting a Desktop Application Security Assessment provides you with a detailed analysis of your compiled application binary and its associated libraries – identifying ways in which the application, or the data it handles, may be compromised. Some common vulnerabilities that we regularly find during desktop and binary application security assessments include:
- Weak coding practices
- Security control / license bypass
- Vulnerable 3rd party libraries
- Weak encryption algorithms
- Hardcoded passwords and API keys
- Sensitive information disclosure
- Stack & buffer overflows
- Network traffic interception
Testing Process & Methodology
Our Desktop Application Security Assessment is performed by our CREST accredited consultancy team, who review the desktop application binary and associated libraries with a range of specialised tools and manual testing. The purpose of this assessment is to identify ways in which a malicious user who has access to the application may be able to compromise key areas of it in order to obtain sensitive information or to bypass security controls.
In addition to a static analysis of the codebase, a dynamic assessment will also be made during the runtime of the application, to assess if it is possible to use any of the application functionality to escalate privileges within the operating system of the workstation on which it has been installed.
As part of the overall testing methodology, the following areas of the application will be assessed during the Desktop Application Security Assessment:
Authentication
The authentication components of the application will be assessed to identify ways in which these may be bypassed by an attacker. Automated testing such as brute-force password guessing attacks will be attempted against the authentication prompt, while manual code injection testing will be conducted to identify ways in which the authentication may be bypassed altogether through parameter tampering and injecting malicious code into the application.
Role Based Access Control (RBAC)
If multiple user roles are present in the application, testing will be conducted to ensure that users are unable to escalate their privileges either “horizontally” or “vertically”. Horizontal privilege escalation vulnerabilities could allow a user to access the data of other users, whereas a vertical privilege escalation vulnerability could allow a lower-privileged user to access functionality that should only be available to an administrator.
Code Injection
Code injection testing will be performed on all entry points to the application to identify ways in which an attacker could inject malicious code. Depending on the application architecture, this could include SQL injection testing if the application relies on a back-end database or command injection testing in an attempt to execute operating system-level commands on the application server on which the application resides.
Application & Service Permissions
The application and any associated services will be examined to identify the permissions that they have within the operating system. Specific checks will be made to identify the level of access that an attacker would have to the operating system if they have been able to compromise the application.
File Permissions
The file permissions of all files associated with the application will be examined. The purpose of this examination is to identify if an attacker would be able to tamper with the application executable, log files or library files that may allow them to modify the behaviour of the application.
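One way to run the file permission check described above before release, as an added example rather than SecureTeam's own tooling: it walks an install directory on a POSIX host (macOS or UNIX, where mode bits are meaningful) and lists every entry that users other than the owner can modify, labelled as executable, library, log or data. The suffix lists are assumptions for the example.

```python
"""Flag application files that non-owners can modify (added example).

Walks an install directory on a POSIX host and reports every file or
directory that is group- or world-writable. Any such executable, shared
library or log lets a local user alter what the application runs or trusts,
which is the weakness the File Permissions check looks for.
"""
import os
import stat
import sys
from pathlib import Path
from typing import List, Tuple

# Suffixes used only to label findings; constructed for this example.
LIBRARY_SUFFIXES = {".so", ".dylib", ".dll"}
LOG_SUFFIXES = {".log"}


def classify(path: Path, mode: int) -> str:
    """Label an entry as the assessment would: directory, library, log, executable or data."""
    if stat.S_ISDIR(mode):
        return "directory"
    suffix = path.suffix.lower()
    if suffix in LIBRARY_SUFFIXES:
        return "library"
    if suffix in LOG_SUFFIXES:
        return "log"
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return "executable"
    return "data"


def weak_permissions(install_dir: str) -> List[Tuple[str, str, str]]:
    """Return sorted (relative path, label, octal mode) for each entry writable by
    group or others. Symlinks are skipped: their own mode bits are not enforced."""
    root = Path(install_dir)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            mode = entry.lstat().st_mode
            if stat.S_ISLNK(mode):
                continue
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((str(entry.relative_to(root)),
                                 classify(entry, mode),
                                 oct(stat.S_IMODE(mode))))
    return sorted(findings)


if __name__ == "__main__":
    for rel, label, mode in weak_permissions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode} {label:10} {rel}")
```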
3rd Party Libraries & Plugins
An assessment will be conducted on all visible 3rd party plugins and libraries that are used by the application. Checks will be made to ensure that these 3rd party plugins and libraries are up-to-date, and that no publicly available exploit code exists for them that may impact the overall security of the application.
Installation & Uninstall Process
The installation process will be examined to ensure the application does not request unnecessary permissions on the underlying operating system. The installation scripts will also be reviewed to ensure there are no hardcoded installation keys that could be abused by an attacker.
When an application is uninstalled, it is possible that sensitive information relating to the application installation, or data that is handled by it, may be left on the workstation. A review will be carried out of the uninstallation process for the application to ensure that no fragments of data are left behind that could be used by an attacker.
Binary Executable Decompilation
During the assessment, an attempt will be made to decompile all executable files with the intention of identifying ways in which the underlying code may be circumvented or to identify sensitive information that may be hard-coded.
Checks will be made to identify sensitive information that may be hard-coded in the application source code. Typical hard-coded information that may be considered sensitive includes passwords, database connection strings and PKI certificates – all of which could be useful to an attacker.
Specific tests will be conducted to identify ways in which the underlying code may be modified to benefit an attacker. This could include enabling functionality which should not normally be available (for example an “engineering mode”) or enabling features that are protected by a software license restriction.
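To show how the hard-coded information named above is found in practice, here is an added example (not the page's or SecureTeam's own tooling) that extracts printable strings from a compiled binary, as the first step of a decompilation review does, and matches them against credential-shaped patterns for passwords, database connection strings and PEM key material. The patterns and the sample data in the test are constructed for illustration.

```python
"""Find hard-coded secrets in a compiled binary (added example)."""
import re
import sys
from typing import Iterator, List, Tuple

MIN_STRING_LEN = 8
# Runs of printable ASCII, and UTF-16LE runs as found in Windows binaries.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_STRING_LEN)

# Patterns are constructed for this example; extend them for your own stack.
SECRET_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----"),
    "pem_certificate": re.compile(r"-----BEGIN CERTIFICATE-----"),
    # ADO.NET/ODBC style: Server=db;User Id=app;Password=...
    "db_connection_string": re.compile(
        r"(?i)\b(?:server|data source|host)=[^;]+;.*\b(?:password|pwd)=[^;]+"),
    # Credentials embedded in a URL: postgres://user:secret@host/db
    "url_credentials": re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@\s]+@"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|api[_-]?key|secret)\s*[=:]\s*\S{6,}"),
}


def printable_strings(data: bytes) -> Iterator[str]:
    """Yield strings of at least MIN_STRING_LEN characters, like strings(1)."""
    for match in ASCII_RUN.finditer(data):
        yield match.group().decode("ascii")
    for match in UTF16_RUN.finditer(data):
        yield match.group().decode("utf-16-le")


def find_hardcoded_secrets(data: bytes) -> List[Tuple[str, str]]:
    """Return (pattern name, string) for each extracted string that looks like a
    credential or key. One label per string keeps the output easy to triage."""
    findings = []
    for text in printable_strings(data):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(text):
                findings.append((name, text))
                break
    return findings


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as handle:
        for name, text in find_hardcoded_secrets(handle.read()):
            print(f"{name}: {text}")
```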
In-Memory Runtime Analysis
The process memory space used by the application will be examined with an in-memory debugging tool to identify weaknesses that may only be present at runtime. This is crucial for identifying attack vectors that may allow an attacker to inject malicious code into the Windows process as a way of furthering their attack using exploit code.
Network Traffic Analysis
The network traffic that is sent between the application and server will be closely examined to ensure that it cannot be intercepted or modified in transit. Checks will be made to ensure that the network data is securely encrypted and that it is not possible to obtain sensitive information from the network traffic or to inject malicious code into it to modify the application's behaviour.
Local Data Caching
The application behaviour will be closely monitored during runtime to identify if sensitive data is being cached locally or logged on the hard drive of the end user’s workstation. If data is being cached, the data will be examined to ensure that it has been encrypted or anonymised to the point where it is not useful to an attacker who has been able to obtain local access to an end user’s workstation.
Digital Code Signing
The application executable and all associated plugins and Dynamic Link Library (DLL) files will be examined to ensure they have been digitally signed, so that they cannot be tampered with by a malicious user without detection.
Certificate & Key Management
If the application uses encryption for data or network traffic, specific checks will be made around how the encryption keys and certificates are stored and managed by the application. This is to ensure that the keys or certificates cannot be stolen or forged by a malicious user and then used to circumvent the encryption that is in use by the application.
Source Code Analysis
If the source code for the application is available, we can also perform automated analysis in order to identify vulnerabilities that could be exploited.
Our Static Analysis process uses a combination of automated audit tools and a manual review of code by our consultancy team.
Preparing for your Desktop Application Test
- A copy of the compiled application (or installation package)
- A copy of the application source code in a working development environment if you would like the source code analysed for vulnerabilities
- A set of credentials (if the application requires authentication)
- Access to any API or back end services the application requires
Reporting
Our clear & concise penetration test reports enable everyone in your organisation to understand the vulnerabilities that have been identified and the real-world risk that your systems and data are exposed to.
Our reports include:
- A “board-level friendly” Executive Summary
- Comprehensive, evidence-based vulnerability reporting
- Risk-based vulnerability ranking with CVSS Scoring
- Technical references and links for further research by your technical team
Debrief Call
Once you have received our final report, you have the option of attending a conference call between the consultant(s) involved in delivering your project and individuals within your organisation who you feel would benefit from a more in-depth discussion of the report’s findings.
After Care
Once our consultancy engagement is complete and our final report has been delivered to you, our consultancy team remain available to you indefinitely for any questions you may have surrounding the report’s findings or our consultancy engagement with you.
Why Choose SecureTeam?
- UK-based Consultancy Team
- Customer Focused
- Security Vetted Consultants
- Ethical Scoping & Pricing
- 25+ Years Industry Experience
- ISO 9001 & 27001 Certified
- CREST Accredited
- Comprehensive Reporting
Ready to take your cyber security to the next level?
Trusted Cyber Security Experts
As an organisation, SecureTeam has provided penetration testing and cyber security consultancy to public & private sector organisations both in the United Kingdom and worldwide. We pride ourselves in taking a professional, pragmatic and customer-centric approach, delivering expert cyber security consultancy – on time and within budget – regardless of the size of your organisation.
Our customer base ranges from small tech start-ups through to large multi-national organisations across nearly every sector – in nearly every continent. Some of the organisations who have trusted SecureTeam as their cyber security partner include:
Customer Testimonials
"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"
IoT Solutions Group Limited, Chief Technology Officer (CTO) & Founder
“First class service as ever. We learn something new each year! Thank you to all your team.”
Royal Haskoning DHV, Service Delivery Manager
“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”
Capital Asset Management, Head of Operations
“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”
Derbyshire County Council, Team Manager Education Data Hub
“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”
AMX Solutions, IT Project Officer
“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”
Innovez Ltd, Support Officer
Get in touch today
If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.
Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.
We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.
Get in touch with us today and a member of our team will be in touch to provide you with a quotation.
Subscribe to our monthly newsletter
If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter.
We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all our cyber security news and articles that we’ve released that month.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd, Chief Technology Officer (CTO)