A company’s security policy states that its own internally developed proprietary Internet facing
software must be resistant to web application attacks. Which of the following methods provides the
MOST protection against unauthorized access to stored database information?
A.
Require all development to follow secure coding practices.
B.
Require client-side input filtering on all modifiable fields.
C.
Escape character sequences at the application tier.
D.
Deploy a WAF with application specific signatures.