Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?

A. Forensic audit
B. Penetration testing
C. Server security audit
D. Application security testing