- https://medium.com/@david.valles/security-testing-of-thick-client-application-15612f326cac
- https://blog.appsecco.com/breaking-bad-tearing-apart-a-thick-client-app-to-steal-data-7e44f8698b2a
- https://blog.securelayer7.net/thick-client-penetration-testing-1
- https://www.netspi.com/blog/technical/thick-application-penetration-testing/introduction-to-hacking-thick-clients-part-1-the-gui
- https://resources.infosecinstitute.com/topic/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/
- https://www.paladion.net/blogs/thick-client-testing-toolkit-part-2-tools-testing-techniques-interception-testing-2
- https://resources.infosecinstitute.com/topic/application-security-testing-of-thick-client-applications/#gref
(any one is enough 😉, added in case some goes down in feature.)