Which of the following best describes an application layer attack?

An application layer attack is characterized by its focus on manipulating application software in order to exploit vulnerabilities within the application. The correct choice highlights methods commonly used in this type of attack, such as SQL injection. SQL injection involves introducing malicious SQL statements into an entry field, which can allow an attacker to interact with the application's database in unauthorized ways, leading to potential data breaches or unauthorized actions within the application.

This understanding is crucial because application layer attacks often take advantage of web applications or services that rely on user input. By targeting the interface through which users interact with the application, attackers can circumvent traditional security measures that protect the network or infrastructure layer, thereby exposing sensitive information or compromising the functionality of the application itself.

Therefore, the emphasis on manipulating application software directly through techniques like SQL injection is what distinctly categorizes choice B as the most accurate description of an application layer attack.