Security whitepapers and presentations

This page serves as part of the Portcullis commitment to sharing our experience and knowledge with the wider community. Below you will find security white papers and presentations which you can download directly for your own use.

A list of free whitepapers and presentations from Portcullis are available for download from our Labs Website.

Click here to visit the Portcullis Labs Website

Samples of our whitepapers and presentations


SSL Good Practice Guide
Download Here!
Last update: 20/09/2013

SSL Good Practice Guide

This whitepaper discusses a number of attack vectors for SSL and TLS, offering real world examples where it can.It also offers advice on how to protect and correctly configure, with the goal of helping ensure that SSL services have a minimised attack surface.


Big Game Hunting: Simple techniques for bug hunting on big iron UNIX
Download Here!
Last update: 10/09/2012

Big Game Hunting: Simple techniques for bug hunting on big iron UNIX

Presentation on auditing and bug hunting on AIX (as given at 44con 2012).


Apple iOS in the workplace
Download Here!
Last update: 27/03/2012

Breaking the Links: Exploiting the Linker

Presentation on exploiting linkers based on my paper (as given at Uncon 0×12 and CRESTCon 2010).


Apple iOS in the workplace
Download Here!
Last update: 16/02/2011

Apple iOS in the workplace

This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.


First Responder Guide
Download Here!
Last update: 26/02/2013

First Responder Guide

The purpose of this document is to provide guidance on both a technical and practical level to those employees or individuals likely to act as the First Responder in the event of a security incident. Much of this guidance draws on the Portcullis Cyber Threat Analysis and Detection Service (CTADS) incident response methodology.


Download HTML 5 Good Practice
Download Here!
Last update: 27/3/2012

HTML 5 good practice guide

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.


Web Application Password Reset (Good Practice Guide)
Download Here!
Last update: 24/3/2012

Web Application password reset (good practice guide)

This guide aims to detail the key features of secure password reset procedures which can be used within web applications. Detailing these features, it gives examples of how the reset can be done.


A list of free whitepapers and presentations from Portcullis are available for download from our Labs Website.

Click here to visit the Portcullis Labs Website