SQL

Roadmap

The language of data — and of injection.

Learning Path Available — Lessons Currently Being Developed

Overview

SQL is how nearly every application talks to its database, which makes it the language behind one of the oldest and most impactful vulnerability classes: SQL injection. Learning SQL means understanding queries well enough to inject, extract, and exfiltrate — and to read the parameterised code that stops you.

Why learn SQL

  • Every data-driven app speaks SQL — injection is everywhere.
  • Understanding queries is required to exploit and to defend them.
  • It underpins data exfiltration and authentication bypass.

Security applications

  • SQL injection discovery and exploitation
  • Blind and time-based extraction
  • Authentication bypass via injection
  • Reading parameterised vs vulnerable queries
  • Database enumeration and exfiltration

Planned curriculum

  1. SQL basics: SELECT, WHERE, JOIN
  2. How queries are built in code
  3. Classic SQL injection
  4. UNION-based extraction
  5. Blind and time-based injection
  6. Authentication bypass payloads
  7. Database-specific syntax
  8. Parameterisation and defense

This path is on the roadmap. The four live courses (Python, JavaScript, Bash, Regex) will teach you most of what carries over.