QUESTION 12 A variant where the attacker includes malicious script content in data supplied to a site is thenerability. PHP remote code injection SQL injection Cross-sito scripting XSS reflection QUESTION 13 which of the followign statement about HTTP or HTTPs is true? HTTP and HTTPS traffic go through the same port at the server site HTTP is stateless which HTTPs is statelul ? cookies is a client side session tracking mechanism GET is used for web page request while POST is used for response QUESTION 14 At the client site, the web browser has been setup NoSaript plugin, however, it cannat prevent the user A being infected when the user access a web site B by using such web browser. which of the following statement is true? the web browser cannot be infected by XSS since the NoScript plugin provent th XSS the web browser can be infected by XSS since the NoScript plugin cannot prevent the server site persistent XSS the XSS plugin cannot prevent XSS at all none of the above statemetn is true QUESTION 15 For SQL injection, it can only be possible via using the GET variables. True False