In 250 words or more answer the following.
During a web application security review, Alice discovered that one of her organizations applications is vulnerable to SQL injection attacks. Where would be the best place for Alice to address the root cause issue?