×
1 Choose EITC/EITCA Certificates
2 Learn and take online exams
3 Get your IT skills certified

Confirm your IT skills and competencies under the European IT Certification framework from anywhere in the world fully online.

EITCA Academy

Digital skills attestation standard by the European IT Certification Institute aiming to support Digital Society development

LOG IN TO YOUR ACCOUNT

CREATE AN ACCOUNT FORGOT YOUR PASSWORD?

FORGOT YOUR PASSWORD?

AAH, WAIT, I REMEMBER NOW!

CREATE AN ACCOUNT

ALREADY HAVE AN ACCOUNT?
EUROPEAN INFORMATION TECHNOLOGIES CERTIFICATION ACADEMY - ATTESTING YOUR PROFESSIONAL DIGITAL SKILLS
  • SIGN UP
  • LOGIN
  • INFO

EITCA Academy

EITCA Academy

The European Information Technologies Certification Institute - EITCI ASBL

Certification Provider

EITCI Institute ASBL

Brussels, European Union

Governing European IT Certification (EITC) framework in support of the IT professionalism and Digital Society

  • CERTIFICATES
    • EITCA ACADEMIES
      • EITCA ACADEMIES CATALOGUE<
      • EITCA/CG COMPUTER GRAPHICS
      • EITCA/IS INFORMATION SECURITY
      • EITCA/BI BUSINESS INFORMATION
      • EITCA/KC KEY COMPETENCIES
      • EITCA/EG E-GOVERNMENT
      • EITCA/WD WEB DEVELOPMENT
      • EITCA/AI ARTIFICIAL INTELLIGENCE
    • EITC CERTIFICATES
      • EITC CERTIFICATES CATALOGUE<
      • COMPUTER GRAPHICS CERTIFICATES
      • WEB DESIGN CERTIFICATES
      • 3D DESIGN CERTIFICATES
      • OFFICE IT CERTIFICATES
      • BITCOIN BLOCKCHAIN CERTIFICATE
      • WORDPRESS CERTIFICATE
      • CLOUD PLATFORM CERTIFICATENEW
    • EITC CERTIFICATES
      • INTERNET CERTIFICATES
      • CRYPTOGRAPHY CERTIFICATES
      • BUSINESS IT CERTIFICATES
      • TELEWORK CERTIFICATES
      • PROGRAMMING CERTIFICATES
      • DIGITAL PORTRAIT CERTIFICATE
      • WEB DEVELOPMENT CERTIFICATES
      • DEEP LEARNING CERTIFICATESNEW
    • CERTIFICATES FOR
      • EU PUBLIC ADMINISTRATION
      • TEACHERS AND EDUCATORS
      • IT SECURITY PROFESSIONALS
      • GRAPHICS DESIGNERS & ARTISTS
      • BUSINESSMEN AND MANAGERS
      • BLOCKCHAIN DEVELOPERS
      • WEB DEVELOPERS
      • CLOUD AI EXPERTSNEW
  • FEATURED
  • SUBSIDY
  • HOW IT WORKS
  •   IT ID
  • ABOUT
  • CONTACT
  • MY ORDER
    Your current order is empty.
EITCIINSTITUTE
CERTIFIED
Questions and answers categorized in: Cybersecurity > EITC/IS/WASF Web Applications Security Fundamentals

Does implementation of Do Not Track (DNT) in web browsers protect against fingerprinting?

Saturday, 22 June 2024 by Acácio Pereira Oliveira

Although the implementation of Do Not Track (DNT) helps with anonymity in web browsers the assertion that it provides complete protection against fingerprinting is not accurate. To understand why, it is essential to consider the nature of DNT, the mechanics of web fingerprinting, and the broader landscape of privacy on the web. Do Not Track

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Web fingerprinting, Fingerprinting and privacy on the web
Tagged under: Browser Security, Cybersecurity, Do Not Track, Online Privacy, Tracking Prevention, Web Fingerprinting

Does HTTP Strict Transport Security (HSTS) help to protect against protocol downgrade attacks?

Saturday, 22 June 2024 by Acácio Pereira Oliveira

Yes, HTTP Strict Transport Security (HSTS) indeed plays a significant role in protecting against protocol downgrade attacks. To understand the specifics of how HSTS achieves this, it is essential to consider the mechanics of HSTS, the nature of protocol downgrade attacks, and the interaction between the two. HTTP Strict Transport Security (HSTS) HTTP Strict Transport

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Server security, Local HTTP server security
Tagged under: Cybersecurity, HSTS, HTTPS, Protocol Downgrade Attacks, SSL Stripping, Web Security

How does the DNS rebinding attack work?

Saturday, 22 June 2024 by Acácio Pereira Oliveira

DNS rebinding attacks represent a sophisticated and insidious method by which an attacker exploits the Domain Name System (DNS) to manipulate the way a victim's browser interacts with different domains. Understanding the intricacies of these attacks requires a thorough comprehension of how DNS functions, how web browsers enforce the same-origin policy, and the mechanisms by

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, DNS attacks, DNS rebinding attacks
Tagged under: Browser Security, Cybersecurity, DNS, Network Security, Same Origin Policy, Web Application Security

Do stored XSS attacks occur when a malicious script is included in a request to a web application and then sent back to the user?

Thursday, 13 June 2024 by Acácio Pereira Oliveira

Stored Cross-Site Scripting (XSS) attacks are a type of security vulnerability that occurs in web applications. The statement "Stored XSS attacks occur when a malicious script is included in a request to a web application and then sent back to the user" is false. To understand why this is the case, it is essential to

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Cross-site scripting, Cross-Site Scripting (XSS)
Tagged under: ContentSecurityPolicy, Cybersecurity, InputValidation, OutputEncoding, ReflectedXSS, StoredXSS

Is the SSL/TLS protocol used to establish an encrypted connection in HTTPS?

Thursday, 13 June 2024 by Acácio Pereira Oliveira

The Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols designed to provide secure communication over a computer network. These protocols are fundamental to securing web applications, particularly through the use of HTTPS (HyperText Transfer Protocol Secure). HTTPS is essentially HTTP (HyperText Transfer Protocol) layered on top of SSL/TLS, thus

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, TLS attacks, Transport layer security
Tagged under: Cybersecurity, Encryption, HTTPS, SSL, TLS

What are fetch metadata request headers and how can they be used to differentiate between same origin and cross-site requests?

Saturday, 05 August 2023 by EITCA Academy

Fetch metadata request headers are a set of HTTP headers that can be used to provide additional information about a request in web applications. These headers can play a important role in differentiating between same origin and cross-site requests, thereby enhancing the security of web applications. In this explanation, we will consider the concept of

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Practical web applications security, Securing web applications with modern platform features, Examination review
Tagged under: Cross-Site Requests, Cybersecurity, Fetch Metadata Request Headers, Same Origin Policy, Same Origin Requests, Web Application Security

How do trusted types reduce the attack surface of web applications and simplify security reviews?

Saturday, 05 August 2023 by EITCA Academy

Trusted types are a modern platform feature that can significantly enhance the security of web applications by reducing the attack surface and simplifying security reviews. In this answer, we will explore how trusted types achieve these objectives and discuss their impact on web application security. To understand how trusted types reduce the attack surface of

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Practical web applications security, Securing web applications with modern platform features, Examination review
Tagged under: Attack Surface, Cross-Site Scripting (XSS), Cybersecurity, Input Validation, Sanitization, Trusted Types, Web Application Security

What is the purpose of the default policy in trusted types and how can it be used to identify insecure string assignments?

Saturday, 05 August 2023 by EITCA Academy

The purpose of the default policy in trusted types is to provide an additional layer of security for web applications by enforcing strict rules on string assignments. Trusted types is a modern platform feature that aims to mitigate various types of vulnerabilities, such as cross-site scripting (XSS) attacks, by preventing the execution of untrusted code.

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Practical web applications security, Securing web applications with modern platform features, Examination review
Tagged under: Cybersecurity, Default Policy, String Assignments, Trusted Types, Web Application Security

What is the process for creating a trusted types object using the trusted types API?

Saturday, 05 August 2023 by EITCA Academy

The process for creating a trusted types object using the trusted types API involves several steps that ensure the security and integrity of web applications. Trusted Types is a modern platform feature that helps prevent cross-site scripting (XSS) attacks by enforcing strict type checking and sanitization of user input. To create a trusted types object,

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Practical web applications security, Securing web applications with modern platform features, Examination review
Tagged under: Cybersecurity, Sanitization, Trusted Types, Trusted Types API, Type Checking, Web Application Security, XSS Attacks

How does the trusted types directive in a content security policy help mitigate DOM-based cross-site scripting (XSS) vulnerabilities?

Saturday, 05 August 2023 by EITCA Academy

The trusted types directive in a content security policy (CSP) is a powerful mechanism that helps mitigate DOM-based cross-site scripting (XSS) vulnerabilities in web applications. XSS vulnerabilities occur when an attacker is able to inject malicious scripts into a web page, which are then executed by the victim's browser. These scripts can be used to

  • Published in Cybersecurity, EITC/IS/WASF Web Applications Security Fundamentals, Practical web applications security, Securing web applications with modern platform features, Examination review
Tagged under: Content Security Policy, Cybersecurity, DOM-based XSS, Trusted Types, Web Application Security, XSS Vulnerabilities
  • 1
  • 2
  • 3
Home » EITC/IS/WASF Web Applications Security Fundamentals

Certification Center

USER MENU

  • My Account

CERTIFICATE CATEGORY

  • EITC Certification (105)
  • EITCA Certification (9)

What are you looking for?

  • Introduction
  • How it works?
  • EITCA Academies
  • EITCI DSJC Subsidy
  • Full EITC catalogue
  • Your order
  • Featured
  •   IT ID
  • EITCA reviews (Medium publ.)
  • About
  • Contact

EITCA Academy is a part of the European IT Certification framework

The European IT Certification framework has been established in 2008 as a Europe based and vendor independent standard in widely accessible online certification of digital skills and competencies in many areas of professional digital specializations. The EITC framework is governed by the European IT Certification Institute (EITCI), a non-profit certification authority supporting information society growth and bridging the digital skills gap in the EU.

Eligibility for EITCA Academy 80% EITCI DSJC Subsidy support

80% of EITCA Academy fees subsidized in enrolment by

    EITCA Academy Secretary Office

    European IT Certification Institute ASBL
    Brussels, Belgium, European Union

    EITC / EITCA Certification Framework Operator
    Governing European IT Certification Standard
    Access contact form or call +32 25887351

    Follow EITCI on X
    Visit EITCA Academy on Facebook
    Engage with EITCA Academy on LinkedIn
    Check out EITCI and EITCA videos on YouTube

    Funded by the European Union

    Funded by the European Regional Development Fund (ERDF) and the European Social Fund (ESF) in series of projects since 2007, currently governed by the European IT Certification Institute (EITCI) since 2008

    Information Security Policy | DSRRM and GDPR Policy | Data Protection Policy | Record of Processing Activities | HSE Policy | Anti-Corruption Policy | Modern Slavery Policy

    Automatically translate to your language

    Terms and Conditions | Privacy Policy
    EITCA Academy
    • EITCA Academy on social media
    EITCA Academy


    © 2008-2025  European IT Certification Institute
    Brussels, Belgium, European Union

    TOP
    Chat with Support
    Chat with Support
    Questions, doubts, issues? We are here to help you!
    End chat
    Connecting...
    Do you have any questions?
    Do you have any questions?
    :
    :
    :
    Send
    Do you have any questions?
    :
    :
    Start Chat
    The chat session has ended. Thank you!
    Please rate the support you've received.
    Good Bad