Myth 7: Thick-client SSL VPNs are more secure than thin-client SSL VPNs. [Wrong again]

Posted: December 15, 2011 in SSL

Today’s myth is about the security of thick-client SSL VPNs. Some believe that thick-client SSL VPNs are more secure than thin-client ones, but this is untrue. A thick client is an application client that processes data in addition to rendering it. An example of a thick-client application is a Visual Basic, Java or VB.NET application that communicates with a database. And as you might already know, all of these are vulnerable to security gaps.

The risks observed in thick-client applications generally include information disclosure, unauthorized access, authentication bypass, application crashes, unauthorized high-privilege transactions and privilege escalation. With the single exception of cross-site scripting, the vulnerabilities of thick clients are the same as the OWASP Top 10 vulnerabilities of web applications. So there you go, another myth gone the way of the 8-track.

One more myth to go…stay tuned.
