Forum Discussion
How to enhance security against time-based SQL injection attacks?
The project we are working on involves testing the security of a .NET Core 6.0 Web API application, which uses SQL Server as the database and EF Core as the ORM. As part of our security testing efforts, we want to address potential vulnerabilities related to time-based SQL injection attacks on different database platforms.
We are aware of the OWASP ZAP security testing tool, but we would appreciate any advice or insights on how to effectively utilize it for time-based SQL injection testing in our specific technical stack.
Database considerations: As our application relies on SQL Server, are there any database-specific features, settings, or configurations we should be aware of to enhance security against time-based SQL injection attacks?
EF Core ORM considerations: Given that we use EF Core as our ORM, are there any ORM-specific measures or techniques to mitigate time-based SQL injection risks? How can we ensure that our EF Core implementation is secure and resilient against such attacks?
Observation Type:
SQL Injection - Oracle - Time Based
SQL Injection - SQLite
SQL Injection - PostgreSQL - Time Based
Technical Stack:
Framework: .NET Core 6.0 Web API
Database: SQL Server
ORM: EF Core
Security Testing tool:
OWASP ZAP: https://www.zaproxy.org/
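
For the EF Core question above, an added example that is not part of the original post: it renders the SQL EF Core 6 produces for a concatenated raw query beside three parameterized forms. The `Product` and `ShopContext` types, the connection string and the input value are hypothetical, and the Microsoft.EntityFrameworkCore.SqlServer package is assumed to be referenced.

```csharp
using System;
using System.Linq;
using Microsoft.EntityFrameworkCore;

public class Product // hypothetical entity for this example
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
}

public class ShopContext : DbContext // hypothetical context
{
    public DbSet<Product> Products => Set<Product>();

    // Placeholder connection string; this example only renders SQL and executes nothing.
    protected override void OnConfiguring(DbContextOptionsBuilder options) =>
        options.UseSqlServer("Server=localhost;Database=Shop;Trusted_Connection=True;");
}

public static class Program
{
    public static void Main()
    {
        using var db = new ShopContext();
        string name = "O'Brien"; // constructed input containing a quote character

        // Unsafe: the input becomes part of the SQL text, so the quote ends the
        // string literal early and the remainder is parsed as SQL by the server.
        var concatenated = db.Products.FromSqlRaw(
            "SELECT Id, Name FROM Products WHERE Name = '" + name + "'");

        // Safe: EF Core converts the interpolated value into a DbParameter.
        var interpolated = db.Products.FromSqlInterpolated(
            $"SELECT Id, Name FROM Products WHERE Name = {name}");

        // Safe: a {0} placeholder with a separate argument is also sent as a parameter.
        var rawWithArg = db.Products.FromSqlRaw(
            "SELECT Id, Name FROM Products WHERE Name = {0}", name);

        // Safe: LINQ captures the variable and emits it as a parameter.
        var linq = db.Products.Where(p => p.Name == name);

        foreach (var (label, q) in new[] {
            ("concatenated", concatenated), ("interpolated", interpolated),
            ("raw with argument", rawWithArg), ("LINQ", linq) })
            Console.WriteLine($"-- {label}\n{q.ToQueryString()}\n");
    }
}
```

In the output, only the concatenated form carries the input inside the statement text; the other three reference a parameter, so the value cannot change the structure of the query.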