Web-based and other electronic voting platforms are growing as
some countries have considered them viable in ensuring
transparency and accountability during elections. One of the most
cited challenges that hinders widespread adoption borders on
cybersecurity. In modern times, attackers and cyber criminals
have developed automated tools that could exploit seemingly
secured data intensive applications within few minutes resulting
to data breaches and losses. Data injection attacks (DIA) are
prevalent on web applications and software engineers are
combatting the trend using techniques such as parameterized
queries (PQ), stored procedures (SP), and language integrated
query (LINQ). This paper is aimed at evaluating the effectiveness
of LINQ in circumventing DIA directed to internet voting
application (IVP). This paper employed a hybrid approach
comprising object-oriented techniques (OOT), exploitation, and
vulnerability analysis respectively. OOT was used to develop two
streams of IVP with C# as the base language. The two software
streams were: Fully LINQ-based, and embedded SQL-based with
LINQ. Vulnerability analysis were conducted on both application
streams using the SQLMAP installed on kali Linux. The results
showed that a LINQ-only platform offered good resistance to data
injection, whereas the application stream with traditional
embedded SQL was susceptible to exploitation with SQLMAP. It
is concluded that the use of carefully structured LINQ could
effectively circumvent web-based injection attacks in IVPs.