You are conducting a security audit for a web application that uses URL rewriting. The application does not allow for user-generated content and is accessible only via secured VPN.
Which two security threats would you prioritize in your audit?
A. SQL injection
B. Cross-site scripting
C. Parameter-site manipulating
D. Session hijacking
E. Denial-of-service attacks