![]() ![]() One of the first things I like to do when I begin a thick client application test is see what’s actually happening on the network. There can be more than three tiers, but the same methods and tools outlined below will apply. One-tier architecture also exists, but it’s not applicable to this blog post because the client, business logic, and data storage are all on the same system. Tier 2: A database server handles business logic and performs data queries and modifications for the client.Tier 3: A database server modifies and retrieves data for the application server.īeta Bank is written with a two-tier architecture.Tier 2: Web requests are sent to a server where business logic is handled.Tier 1: The client displays and collects data.BetaFast is written with a three-tier architecture. In this post, we’ll cover network testing in thick client applications and how it’s performed on different architectures. A brief overview is covered in a previous blog post. Many examples in this series will be taken directly from these applications, which can be downloaded from the BetaFast GitHub repo. In conjunction with these posts, NetSPI has released two vulnerable thick clients: BetaFast, a premier Betamax movie rental service, and Beta Bank, a premier finance application for the elite. Introduction to Hacking Thick Clients is a series of blog posts that will outline many of the tools and methodologies used when performing thick client security assessments.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |