SQL injection is an attack where malicious code is inserted into user inputs, which are then executed by a database. This allows attackers to manipulate or access sensitive data, making it the correct choice.

The main purpose of input validation is to prevent cross-site scripting and injection attacks by ensuring that user inputs are safe and conform to expected formats, thus protecting the application from malicious inputs.

Code signing is a security mechanism that uses digital signatures to verify the authenticity and integrity of code, ensuring it has not been altered since its publication by the developer.

The correct answer is 'Directory traversal'. This vulnerability allows attackers to access files outside the intended directory by manipulating file paths, potentially exposing sensitive information on the server.

DevSecOps integrates security into every phase of the software lifecycle, ensuring that security practices are part of development and operations. This contrasts with other practices that may address security separately.

Persistent XSS involves malicious scripts stored on a server, which are executed whenever a user views the affected page. This distinguishes it from reflected and DOM-based XSS, which do not involve stored scripts.

Sandboxing refers to running applications in isolated environments, preventing them from interacting with critical system resources. This ensures security and stability, making it the correct term for the question.