All servers in your company run Windows Server 2003. You publish Web applications by using IIS 6.0. You plan to publish a new Web application.

The Web application connects to a Microsoft SQL Server 2005 database and accepts unfiltered SQL queries. You need to examine SQL queries for injection threats.

Which tool should you use?

A.
URLScan 3.1

B.
Permissions Verifier

C.
IIS Lockdown Tool 2.1

D.
Microsoft Baseline Security Analyzer (MBSA) 2.1.1