This document aims to analyse and explore data collected from technical assurance engagements during 2016.
Too frequently, security professionals consider only software vulnerabilities when assessing the risks of connecting devices to their networks and systems. When it comes to connected devices and the Internet of Things, security professionals must consider not only potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities in hardware. This document considers the potential risk posed by hardware modification of seemingly innocuous hardware devices attached to critical systems, by showing how a simple KVM switch can be modified for use as a key logger.
This document discusses a number of attack vectors for SSL and TLS, offering real world examples where it can.
This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment.
Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage.
This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5.
Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications.
This document discusses the security of Apple iOS with particular focus on its usage in the workplace.
Firefox can be locked down in a similar way to Internet Explorer, and this guide gives you the information needed to create a secure, locked-down configuration that restricts knowledgeable users from manipulating Firefox for their own needs.
XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real world implementation.