Myth 7: Thick-client SSL VPNs are more secure than thin-client SSL VPNs. [Wrong again]

Today’s myth is about the security of thick-client SSL VPNs. Some believe that thick-client SSL VPNs are more secure than thin-client ones, but this is untrue. A thick client is defined as an application client that processes data in addition to rendering. An example of a thick-client application is a Visual Basic, Java or VB.NET application that communicates with a database. And as you might already know, all of these are vulnerable to security gaps.

The risks observed in thick-client applications generally include information disclosure, unauthorized access, authentication bypass, application crashes, unauthorized high-privilege transactions and privilege escalation. With the single exception of cross-site scripting, the vulnerabilities of thick clients are the same as the OWASP Top 10 vulnerabilities of web applications. So there you go, another myth gone the way of the 8-track.

One more myth to go…stay tuned.
