There are normally two concerns when testing Citrix solutions. Firstly, there is the remote access element and concerns that an unauthorised user may be able to gain access to the solution.
To evaluate this threat, Portcullis can perform comprehensive testing of the authentication process to identify failures in the application logic, encryption weaknesses, poor input validation, badly managed session keys and more.
The second dimension with Citrix system is the trust level associated with the user. Citrix is often used as the mechanism for providing a controlled environment to remote workers, 3rd parties and overseas offices.
Citrix breakout testing focuses on the controlled environment and attempts to gain access to restricted information or resources. This testing largely focuses on errors and omissions in the desktop lockdown, but also takes advantage of weaknesses within Citrix itself.