SQL injection is a common hacking technique used to retrieve or destroy data in a database without permission. It is considered one of the top web application security risks, so it is important to understand how to defend against it.

We've released a course on the freeCodeCamp.org YouTube channel that will teach you how SQL injection works and how to make sure your apps are not vulnerable to this attack.

Sagar Bansal developed this course. Sagar has created many best-selling security courses and has worked in the industry for many years.

To understand SQL injection, you will first need to understand SQL. This course begins by covering the basics of SQL and then gives an overview of different types of SQL injection.

You will learn about common attack techniques as well as tools that are often used for SQL injection attacks. You will also learn industry best practices to defend against these attacks.

Here are the sections covered in this course:

  • What is SQL Injection
  • Lab Setup
  • Basics of SQL
  • Classic Injection Bypass
  • Types of SQL Injection
  • Union Based SQL Injection
  • Error Based SQL Injection
  • Boolean Based SQL Injection
  • Time-Based SQL Injection
  • Semi-Automated SQL Injection
  • Fully Automated SQL Injection
  • Defending Against SQL Injections

Watch the full course on the freeCodeCamp.org YouTube channel (1-hour watch).