
1- this could lead to- all the above

2-enabling https untrusted data- false


3-untrusted data- all the options correct
4-sanitizing untrusted data - true
5-cross-site scripting-enables an attacker to inject code
6-string containing untrusted data- an attacker can insert additional malicious sql
7-sql injection attack- using parameterized stmt.
8-buffer overflow attack- except (using the strcpy function to ensure)
9-files are uploaded into your application- except (file does not contain javascript)
10-json data - json is a subset.
11- input to an application - all the correct options
12- ASTA - essential part of your testing
13- Fiddler tool- view and manipulate requests and responses.
14- data validation - except (software version checking)
15- handling untrusted data- some untrusted data must never be used.
-----------3rd
1- HTTP IS STATE : EXCEPT (THROUGH THE USE OF CAPTCHAS)
2- AUTHENTICATED SESSION-EXCEPT (SUBMIT)
3- CORRECT STMT: SESSION TOKEN, SESSION IDENTIFIERS (client sends it with each request, client sends a reference with each request)
4-security and cookies : for http requests, cookies to secure
5-http - except (http only does not, all the above)
6- correct stmt- all the above
7-hp it security - except (management policy)
8-hp it security governance: (session was first established)
9-HMDC: EXCEPT CRL
10-SOFTWARE DEVELOPED SECURITY STD : MINIMUM
-------------
