Question:

You are responsible for database security at your organization. You are worried that programmers might pass badly written SQL commands to the database, or that an attacker might exploit badly written SQL in applications. Which of the following is the BEST way to alleviate this risk?

A. Stored procedures.

Explanation:

Stored procedures are the best way to have standardized SQL. Rather than programmers writing their own SQL commands, they simply call the stored procedures that the database administrator creates. Formal code inspection might detect a lack of security practices and defenses but won’t stop SQL-based attacks. Policies requiring stored procedures might help but are a less direct path to the solution. Finally, agile programming is a method for developing applications rapidly and won’t determine how SQL commands are created.
