Thick Client Application Security Testing Methodology