ORMs are supposed to protect against SQL injection attacks, as are stored procedures (because the data in the query is parameterized). However, neither ORMs nor stored procedures will protect you against SQL injection if you construct your query (LINQ or SQL) using concatenation. Concatenating data values into a query is the source of all SQL injection issues, and simply going LINQ–>ORM will not protect your app against that.
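The difference is easy to see by running the same lookup three ways through an ORM. This is an added example, not code from the original post; it assumes EF Core 3.0 or later with the Microsoft.EntityFrameworkCore.Sqlite package, and the `User` entity, `AppDb` context and sample rows are hypothetical.

```csharp
// Added example: assumes the Microsoft.EntityFrameworkCore.Sqlite package.
// User, AppDb and the seeded rows are hypothetical, constructed for illustration.
using System;
using System.Linq;
using Microsoft.EntityFrameworkCore;

public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class AppDb : DbContext
{
    public DbSet<User> Users { get; set; }

    protected override void OnConfiguring(DbContextOptionsBuilder options) =>
        options.UseSqlite("Data Source=:memory:");
}

public static class Program
{
    public static void Main()
    {
        using var db = new AppDb();
        db.Database.OpenConnection();   // keeps the in-memory database alive
        db.Database.EnsureCreated();
        db.Users.AddRange(new User { Name = "alice" }, new User { Name = "bob" });
        db.SaveChanges();

        string input = "x' OR '1'='1";  // constructed hostile value

        // Vulnerable: the value is concatenated into the SQL text, so the quote
        // in the input ends the string literal and the rest is parsed as SQL.
        var concatenated = db.Users
            .FromSqlRaw("SELECT * FROM Users WHERE Name = '" + input + "'")
            .ToList();

        // Parameterized: EF Core turns the interpolated hole into a DbParameter,
        // so the whole input is compared as a single string value.
        var parameterized = db.Users
            .FromSqlInterpolated($"SELECT * FROM Users WHERE Name = {input}")
            .ToList();

        // Plain LINQ: the captured variable is also sent as a parameter.
        var linq = db.Users.Where(u => u.Name == input).ToList();

        Console.WriteLine($"concatenated={concatenated.Count} " +
                          $"parameterized={parameterized.Count} linq={linq.Count}");
    }
}
```

Only the concatenated query returns rows for a name that does not exist; the other two treat the input as data. The ORM is the same in all three cases, which is the point of the paragraph above.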

Everything I wanted to detail about this vulnerability was already explained in this post.

 


Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.