Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.) 

Answer options:

A. Parameterized queries
B. Session management
C. Input validation
D. Output encoding
E. Data protection
F. Authentication

AC

Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/