After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls.
Which of the following controls should be verified? (Choose two.)
A . Input validation routines are enforced on the server side.
B . Operating systems do not permit null sessions.
C . Systems administrators receive application security training.
D . VPN connections are terminated after a defined period of time.
E . Error-handling logic fails securely.
F . OCSP calls are handled effectively.
Answer: AE