A developer has implemented a piece of client-side JavaScript code to sanitize a user's input on a web page login screen. The code ensures that only upper-case and lower-case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log entry:
10.235.62.11 - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?
A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.
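The log entry shows a request whose `pass` parameter decodes to `pass or 1=1`, a value the client-side JavaScript would never have allowed, which means the request was sent directly to the server, bypassing the browser check. The following added example (not part of the original question) shows what the server-side input validation named in one of the options looks like in Python: the same letter-only and 6-digit-PIN rules are re-checked on the server, and the credential lookup uses a bound-parameter query so the submitted values are never spliced into SQL text. The `/site/script.php` handler, the `users` table and the stored PIN are constructed stand-ins for this demonstration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed in-memory user table standing in for the site's real database.
# A real deployment would store a salted hash of the PIN, not the PIN itself.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (username TEXT, pin TEXT)")
_conn.execute("INSERT INTO users VALUES ('admin', '482913')")
_conn.commit()

# The same rules the client-side script enforces, re-applied on the server:
# username = letters only, password = exactly six decimal digits.
USERNAME_RE = re.compile(r"[A-Za-z]+")
PIN_RE = re.compile(r"[0-9]{6}")


def validate_credentials(user: str, password: str):
    """Return None when both fields satisfy the rules, else a rejection reason."""
    if not USERNAME_RE.fullmatch(user):
        return "username must contain only letters"
    if not PIN_RE.fullmatch(password):
        return "password must be a 6-digit PIN"
    return None


def handle_login(query_string: str):
    """Process the query string of a GET /site/script.php request.

    Returns an (HTTP status, message) tuple. Validation runs before any
    database access, and the lookup binds the values as parameters.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    user = params.get("user", [""])[0]
    password = params.get("pass", [""])[0]

    reason = validate_credentials(user, password)
    if reason is not None:
        # The value from the log ("pass or 1=1") is rejected here and
        # never reaches the SQL layer.
        return (400, reason)

    # Parameterised query: the driver binds user/password as data, so even
    # a value that slipped past validation could not alter the SQL.
    row = _conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND pin = ?",
        (user, password),
    ).fetchone()
    return (200, "ok") if row else (401, "invalid credentials")


if __name__ == "__main__":
    # The query string from the log entry, percent-decoded by parse_qs.
    print(handle_login("user=admin&pass=pass%20or%201=1"))  # (400, ...)
    print(handle_login("user=admin&pass=482913"))           # (200, 'ok')
```

Running the handler against the logged query string returns a 400 rejection before any query is built; a well-formed username and PIN reach the parameterised lookup and succeed only when they match a stored row. Logging the rejection reason alongside the source address gives the administrator a direct signal that the browser-side check was bypassed.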