Which of the following statements on web applications security are correct

$$ The cross$-$site request forgery $($CSRF$)$ attack can be countered if the web browser sends all cookies it has matching a domain to a corresponding web server.

$$ Side channel attacks can be executed without any direct access to the target web application system.

$$ Code injection attacks are only possible in web applications that use server$-$side scripting languages $($such as PHP or Ruby$).$

$$ The SameSite attribute on cookies has no impact on cookie security.

Which below statements are correct

$$ DNS rebinding attacks exploit the trust relationship between a web browser and a web server.

$$ Wrongly designed API can be used to launch various attacks on websites.

$$ Captcha security measures can be bypassed by advanced bots.

$$ Input validation is not an effective way to prevent SQL injection attacks.

Which following statements are correct

$$ Regenerating session IDs on every request cannot help preventing session fixation attacks.

$$ Phishing attacks are commonly executed through fake emails or instant messages that appear to come from a trusted source.

$$ Using per$-$session salt values in session tokens will not add an additional layer of security.

$$ HTTPS provides end$-$to$-$end encryption between the client and the server.