Thick-client application penetration testing.

Desktop and installed applications — tested on the client, in memory, and against their backend.

800+ projects delivered
10+ years of experience

We secure the Czech tech companies that made it globally.

An installed application runs on a machine the user controls — which means they can watch it run, read its memory, intercept its traffic, and pull apart anything it stores. We test desktop / thick-client applications from that position: how they protect data locally, handle authentication and updates, implement cryptography, and talk to their backend — assuming the attacker already has the binary and unlimited time.

What we test

  • Local data protection — how the app stores and protects data on a client the attacker owns.
  • Memory — sensitive data exposed in memory at runtime, where secrets often outlive their use.
  • Cryptography — whether crypto is implemented correctly and used where it matters, or rolled by hand.
  • Authentication, authorization & session handling — including the update mechanism, a classic path to running attacker code.
  • Backend / API communication — the services the client talks to, tested in the same engagement.

What you get

A report in four parts: a scope recap, a management summary with an expert opinion on your security standing, an audit-findings checklist sorted by severity, and detailed findings — each with description, impact, CVSSv3 severity, and a concrete proposed fix. Every finding is peer-reviewed so your team can reproduce and fix it fast.

Every test is run by certified senior specialists — no junior hands learning on your systems.

Use the test results toward NIS2, DORA, ISO 27001, and PCI-DSS.

Pricing

Scoped by the application and the backend in scope. We'll confirm scope and price on a short call.

Our insight.

You use an ORM in 98% of database interactions? We will find that 2% and hack you right there!

Frequently asked, always answered.

What will be included in the test report?

The report includes a list of the vulnerabilities discovered, each with a severity rating. It also contains a managerial summary that outlines how these vulnerabilities correspond to business risk, and a technical write-up so developers can reproduce and correct the issues.

Can I get help choosing the most secure third-party SaaS application?

Yes. With permission, insighti can review and evaluate the security of third-party solutions. This allows our clients to make an informed decision about which solution to use based on the pros and cons of each.

What is the difference between a vulnerability scan and a penetration test?

A penetration test is a security verification technique that attempts to find and exploit security vulnerabilities in order to improve or prove the security of a system. It often includes the manual work of designing and planning attack vectors, which can combine one or more discovered vulnerabilities or pieces of known information. A vulnerability scan finds known vulnerabilities but cannot combine or exploit them to further verify the security of a system.

Let's talk it through.

Tell us what you need tested — we'll set up a no-obligation call and propose a scope.
