An ORM (Object-Relational Mapping) is a framework that automatically maps database records to objects in your programming language. Instead of writing SQL queries manually, you work with methods and objects. Well-known ORMs include Hibernate (Java), Entity Framework (.NET), and ActiveRecord (Ruby). From a security perspective, ORMs reduce the risk of SQL injection because they parameterize inputs by default. However, ORMs do not provide complete protection if you use raw queries or misconfigure the framework. Your secure development guidelines should document the correct use of the ORM.
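The gap between the ORM's default behavior and a raw query can be seen in a small added example, which is not code from any of the frameworks named above. `UserMapper`, its methods, and the sample table are hypothetical stand-ins built on Python's standard `sqlite3` module; the same input is passed through a concatenated raw query, a raw query with a bound parameter, and the mapper-style lookup.

```python
import sqlite3
from dataclasses import dataclass

@dataclass
class User:
    id: int
    name: str
    role: str

COLUMNS = ("id", "name", "role")

class UserMapper:
    """Hypothetical stand-in for an ORM, built on sqlite3 for illustration."""

    def __init__(self, conn):
        self.conn = conn

    def _load(self, sql, params=()):
        return [User(*row) for row in self.conn.execute(sql, params)]

    def find_by(self, **filters):
        # ORM-style path: column names are checked against a fixed list,
        # values are always sent as bound parameters.
        unknown = set(filters) - set(COLUMNS)
        if unknown:
            raise ValueError(f"unknown column(s): {sorted(unknown)}")
        where = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
        return self._load(f"SELECT id, name, role FROM users WHERE {where}",
                          tuple(filters.values()))

    def raw_where(self, fragment, params=()):
        # Raw-query escape hatch: safe only if the caller keeps values in params.
        return self._load(f"SELECT id, name, role FROM users WHERE {fragment}", params)

def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def compare(name_input):
    """Row counts for the same input via three call styles."""
    mapper = UserMapper(make_db())
    concatenated = mapper.raw_where(f"name = '{name_input}'")  # vulnerable: input becomes SQL
    bound_raw = mapper.raw_where("name = ?", (name_input,))     # raw SQL, value still bound
    mapped = mapper.find_by(name=name_input)                    # ORM-style default
    return len(concatenated), len(bound_raw), len(mapped)
```

A code review or static-analysis rule for the ORM in use can target the first call style: any raw-query method whose SQL string is built by concatenation or interpolation.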