Whitepapers
- Web Application Whitepaper (9/6/2017) - This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP; however, due to time constraints, our data points were not […]
- Hacking the Belkin E Series Omniview 2-Port KVM Switch (4/5/2017) - Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it comes to considering potential risks of connected devices and the Internet of Things, not only must security professionals consider potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities […]
- SSL Good Practice Guide (4/11/2014) - This document discusses a number of attack vectors for SSL and TLS, offering real-world examples where it can. It also offers advice on how to protect and correctly configure SSL services, with the goal of helping ensure that they have a minimised attack surface.
- SSL Certificate Good Practice Guide (2/3/2014) - This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment. Whilst this document is not intended to be definitive, Portcullis believes that it should provide a high level summary […]
- Memory Squatting: Attacks On System V Shared Memory (11/13/2013) - Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage. What follows should, however, provide a high-level summary of issues, impacts and methods of remediation in cases where System V shared memory […]
- HTML 5 Good Practice Guide (3/27/2012) - This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5. Portcullis was asked to provide consultancy in the form of analysis and good practice recommendations with respect to migrations from Flash to HTML 5. Whilst this document is […]
- Web Application Password Reset Good Practice Guide (3/24/2012) - Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications. This document aims to detail the key features of secure password reset procedures which can be used within web applications. As well as […]
- Apple iOS In the Workplace (3/23/2012) - This document discusses the security of Apple iOS with particular focus on its usage in the workplace. The intended audience for this is technical/managerial, that is to say, in parts it will be moderately technical, but the key focus will be the provision of information to those planning or evaluating roll outs of iOS based […]
- Firefox Lockdown (6/23/2009) - Firefox can be locked down in a similar way to Internet Explorer, and this guide gives you the information needed to create a secure, locked-down configuration that restricts knowledgeable users from manipulating Firefox for their own needs. With Firefox’s popularity rising on a day-by-day basis, many corporate environments are starting to employ the […]
- XSS Tunnelling (11/10/2008) - XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real world implementation.
- Deep Blind SQL Injection (8/18/2008) - Deep Blind SQL Injection is a new way to exploit Blind SQL Injections with a 66% reduction in the number of requests. This document describes how it is still possible to retrieve data; moreover, it is possible with a 66% reduction in the number of requests made of the server, requiring two rather than six […]
- DoS Attacks Using SQL Wildcards (8/18/2008) - This document discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications. If an application has the following properties then it is highly likely to be vulnerable to wildcard attacks: an SQL Server backend; more than 300 records in the […]
- Next Generation Malware: Windows Vista’s Gadget API (3/31/2008) - Windows has had the ability to embed HTML into its user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with […]
- Having Fun With PostgreSQL (3/27/2008) - PostgreSQL is one of the most commonly used open source database management systems. This document describes weaknesses in the PostgreSQL configuration that may be abused for privilege escalation, as well as remote command execution and the uploading of arbitrary files to the system.