The OWASP Thick Client Project is a standard awareness document for developers and security analyst. It represents the most common security risks identified in thick client applications.

Organizations should adopt this document to ensure that their applications minimize these common risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.

You could/should use this project as a:

• guidance in early stages of Software Development Lifecycle (SDLC) to avoid common vulnerabilities in thick client applications.
• reference in identifying security loopholes in thick client applications.

What is Thick Client Application Security?

Thick Client Application Overview

Thick client are type of applications which run on user’s host machine/system and communicate with backend server or database server. Few of the examples are listed below:

• Microsoft Teams
• Outlook
• Skype

With respect to architecture, they are classified as two tier and three tier applications.

Security Challenges

Security Testing Approch