3- untrusted data - all the options correct
4- sanitizing untrusted data - true
5- cross-site scripting - enables an attacker to inject code
6- string containing untrusted data - an attacker can insert additional malicious SQL
7- SQL injection attack - using parameterized stmt.
8- buffer overflow attack - except (using the strcpy function to ensure)
9- files are uploaded into your application - except (file does not contain JavaScript)
10- JSON data - JSON is a subset.
11- input to an application - all the correct options
12- ASTA - essential part of your testing
13- Fiddler tool - viewing and manipulating requests and responses.
14- data validation - except (software version checking)
15- handling untrusted data - some untrusted data must never be used.
-----------3rd
1- HTTP IS STATE : EXCEPT (THROUGH THE USE OF CAPTCHAS)
2- AUTHENTICATED SESSION - EXCEPT (SUBMIT)
3- CORRECT STMT: SESSION TOKEN, SESSION IDENTIFIERS (client sends it with each request, client sends a reference with each request)
4- security and cookies : for http requests, cookies to secure
5- http - except (http only does not, all the above)
6- correct stmt - all the above
7- HP IT security - except (management policy)
8- HP IT security governance: (session was first established)
9- HMDC: EXCEPT CRL
10- SOFTWARE DEVELOPED SECURITY STD : MINIMUM
-------------