I believe that most people here are familiar with OWASP and their Top 10 project. When it comes to information systems these days it appears that there is a big focus on web application security and rightfully so. Recently I was tasked to perform a Risk Analysis on an Information System (SQL Server 2005) that has user application interfaces which are both Web and Non Web. So far I have found a lot of very good articles and tools that show web threats and vulnerabilities, but not so much on non-web based applications.
Does anyone know of any good resources that explain and test the vulnerabilities/risks of non-web interfaces of information systems? These applications are run on Windows machines.