PrepAway - Latest Free Exam Questions & Answers

Which fix should be implemented by the developer?

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web
page login screen. The code ensures that only uppercase and lowercase letters are entered in the
username field, and that only a 6-digit PIN is entered in the password field. A security administrator is
concerned with the following web server log:

10.235.62.11 – [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be
implemented by the developer?

A.
The security administrator is concerned with nonprintable characters being used to gain administrative
access, and the developer should strip all nonprintable characters.

B.
The security administrator is concerned with XSS, and the developer should normalize Unicode characters
on the browser side.

C.
The security administrator is concerned with SQL injection, and the developer should
implement server side input validation.

D.
The security administrator is concerned that someone may log on as the administrator, and the developer
should ensure strong passwords are enforced.

