Research and Development

Whitepapers


  • SSL Good Practice Guide (4/11/2014) - This whitepaper discusses a number of attack vectors for SSL and TLS, offering real world examples where it can. It also offers advice on how to protect and correctly configure, with the goal of helping ensure that SSL services have a minimised attack surface.
  • SSL Certificate Good Practice Guide (2/3/2014) - This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment. Whilst this document is not intended to be definitive, Portcullis believes that it should provide a high level summary […]
  • Memory Squatting: Attacks On System V Shared Memory (11/13/2013) - Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage. What follows should, however, provide a high-level summary of issues, impacts and methods of remediation in cases where System V shared memory […]
  • HTML 5 Good Practice Guide (3/27/2012) - This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML 5. Portcullis was asked to provide consultancy in the form of analysis and good practice recommendations with respect to migrations from Flash to HTML 5. Whilst this document is […]
  • Web Application Password Reset Good Practice Guide (3/24/2012) - Over the years of application testing we have seen many bad password reset implementations, so we have put together a good practice guide to help design a secure process for your applications. This guide aims to detail the key features of secure password reset procedures which can be used within web applications. As well as […]
  • Apple iOS In the Workplace (3/23/2012) - This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace. The intended audience for this is technical/managerial, that is to say, in parts it will be moderately technical, but the key focus will be the provision of information to those planning or evaluating roll outs of iOS based […]
  • Firefox Lockdown (6/23/2009) - Firefox can be locked down similar to Internet Explorer, and this guide will give you the relevant information that is needed to create a secure, locked-down configuration, to restrict knowledgeable users actions into manipulating Firefox for their own needs. With Firefox’s popularity rising on a day-by-day basis, many corporate environments are starting to employ the […]
  • XSS Tunnelling (11/10/2008) - XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real world implementation.
  • Deep Blind SQL Injection (8/18/2008) - Deep Blind SQL Injection is a new way to exploit Blind SQL Injections with a 66% reduction in the number of requests. However it is still possible to retrieve data, moreover it is possible with a 66% reduction in the number of requests made of the server, requiring two rather than six requests to retrieve […]
  • DoS Attacks Using SQL Wildcards (8/18/2008) - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications. If an application has the following properties then it is highly possibly vulnerable to wildcard attacks: 1- An SQL Server Backend; 2- More than 300 records […]
  • Next Generation Malware: Windows Vista’s Gadget API (3/31/2008) - Windows has had the ability to embed HTML into it’s user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with […]
  • Having Fun With PostgreSQL (3/27/2008) - PostgreSQL is one of the most commonly used open source database management systems. This paper describes weaknesses in the PostgreSQL configuration that may be abused for privilege escalation, as well as remote command execution and the uploading of arbitrary files to the system.

Twitter Feed