Which statements on web applications security are correct

The OWASP Top $10$ security risks do apply to Node.js applications.

Side$-$channel attacks can be used to extract sensitive information by observing physical characteristics of a computer system, such as power consumption or electromagnetic emissions.

Updating the software on a local HTTP server is not necessary for ensuring its security.

Storing sensitive information in plain text in cookies is considered secure$.$