WIFC is a OSI layer 7 communication protocol based on HTTP and XML. It enables assessment of the business logic implementation of a web application backend, by probing it with certain combinations of parameter values and testing the response. These values can be either:

  • Parameters passed in the query component [1] of a URL in an HTTP GET request. These parameters come after the URL path and a ? sign, and have the form parameter=value. Several tuples are separated by a & sign.
  • Parameters passed in the entity of an HTTP POST request [2].
  • Form fields, such as those defined inside <form> tags in HTML code.

 

Dridex, a year of online fraud

Wednesday, 17 February 2016 10:52

Dridex malware is a Trojan with multiple functionalities. Its activity is mainly based on the theft of banking data from users through web sites or "web-injects". However, it has also been used for other and less obvious purposes. For example, stealing documents in sensitive sectors such as government networks, hospital environments, universities, legal services, copyright management entities and aeronautical companies.