Today’s myth is about the security of thick-client SSL VPNs. Some believe that thick-client SSL VPNs are more secure than thin-client ones, but this is actually untrue. Thick client is defined as an application client that processes data in addition to rendering. An example of a thick client application can be a Visual Basic, JAVA or VB.NET application that communicates with a database. And as you might already know, all of these have are vulnerable to security gaps.
The risks observed in thick-client applications generally include information disclosures, unauthorized access, authentication bypass, application crashes, unauthorized, high privilege transactions or privilege escalations. With the single exception of cross-site scripting, the vulnerabilities of thick clients are the same as the Top 10 OWASP Vulnerabilities of Web Applications. So there you go, another myth gone the way of the 8-track.
One more myth to go…stay tuned.