You are reviewing an ASP.NET Web application that uses dynamic SQL. The Web
application validates user credentials against a Microsoft SQL Server 2008 database by

using Forms authentication and hashing the password. You need to recommend an
approach for testing whether users can gain elevated access to the Web application. What
should you recommend?

A.
Perform unit tests that supply valid and invalid passwords

B.
Perform Web tests that supply valid and invalid passwords

C.
Perform SQL injection tests

D.
Perform penetration tests for cross-site scripting