You are reviewing an ASP.NET Web application that uses dynamic SQL.
The Web application validates user credentials against a Microsoft SQL Server 2008 database by using Forms authentication and hashing the password.
You need to recommend an approach for testing whether users can gain elevated access to the Web application.
What should you recommend?

A.
Perform SQL injection tests.

B.
Perform penetration tests for cross-site scripting.

C.
Perform unit tests that supply valid and invalid passwords.

D.
Perform Web tests that supply valid and invalid passwords.