Windows/Mac program security audit

The goal of the project was to ensure the security of a complex application consisting of Windows/macOS front ends and an Azure-based back end. The threat vectors included attacks on the client (e.g. if the software introduces a weakness into the client OS) and on the system back end. Only access to the binaries and test accounts was provided.


During the project, the following vulnerabilities were identified:

  • Remote code execution on the client through an out-of-date library
  • Weak filesystem/registry permissions on the client installation
  • Hardcoded API keys to some back-end components in the client installation
  • Denial of service on the backend infrastructure through XML bombs