A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided
input to a web page login screen. The code ensures that only the upper case and lower case
letters are entered in the username field, and that only a 6-digit PIN is entered in the password
field. A security administrator is concerned with the following web server log:
10.235.62.11 – – [02/Mar/2014:06:13:04] “GET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1” 200 5724
Given this log, which of the following is the security administrator concerned with and which fix
should be implemented by the developer?

A.
The security administrator is concerned with nonprintable characters being used to gain
administrative access, and the developer should strip all nonprintable characters.

B.
The security administrator is concerned with XSS, and the developer should normalize Unicode
characters on the browser side.

C.
The security administrator is concerned with SQL injection, and the developer should
implement server side input validation.

D.
The security administrator is concerned that someone may log on as the administrator, and the
developer should ensure strong passwords are enforced.