A web organization is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack? 

Answer options:

A. Code review by a third party
B. Web application firewall implementation
C. Penetration test results
D. Database application monitoring logs

C