This paper discusses the critical vulnerabilities and corresponding risks in a two-tier thick client application, along with measures to mitigate those risks. A thick client is defined as an application client that processes data in addition to rendering it. A typical example is a Visual Basic, Java or VB.NET application that communicates directly with a database.
The risks observed in thick client applications generally include information disclosure, unauthorized access, authentication bypass, application crashes, unauthorized execution of high-privilege transactions and privilege escalation. It is worth noting that most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities apply to thick client applications just as they do to web applications.
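As an added illustration of the point above (this is example code, not taken from the paper), the block below shows one OWASP Top 10 class, injection, producing an authentication bypass in a two-tier thick client: the client builds its login query by string concatenation and runs it directly against the database, exactly as a naive desktop application might. The hardened variant binds the inputs as parameters. The in-memory SQLite database, the `users` table and the accounts in it are constructed for the demo; a real client would use the database driver of its platform, but the concatenation flaw and the fix are the same.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the back-end tier
    that a two-tier thick client connects to directly (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)"
    )
    # Plaintext passwords are used here only to keep the demo short; they are
    # themselves a weakness and are not the point being demonstrated.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "alicepw", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Login check as a naive thick client might implement it: the SQL text is
    assembled from user input, so the user controls the query structure."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchone()  # (username, role) or None


def login_hardened(conn: sqlite3.Connection, username: str, password: str):
    """Same check with bound parameters: the input is treated as data and can
    never change the shape of the statement."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo() -> dict:
    """Run the bypass against both variants and return what each one yields."""
    conn = build_demo_db()
    # "admin' --" closes the username literal and comments out the password
    # check, so the vulnerable query becomes:
    #   ... WHERE username = 'admin' --' AND password = 'wrong'
    attacker_user, attacker_pw = "admin' --", "wrong"
    return {
        "vulnerable": login_vulnerable(conn, attacker_user, attacker_pw),
        "hardened": login_hardened(conn, attacker_user, attacker_pw),
        "legit": login_hardened(conn, "alice", "alicepw"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>10}: {result}")
```

Running the script shows the vulnerable path returning the admin row for a wrong password while the parameterized path returns nothing for the same input and still accepts a genuine login. Parameterization closes the injection, but it does not change the trust model of a two-tier design: the client still holds the database credentials, so any authorization performed only in client code can be bypassed by a user who extracts them, which is why the privilege-escalation and unauthorized-transaction risks listed above need controls on the database side as well.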