diff --git a/tech/databases.wiki b/tech/databases.wiki index 08b3326..1a7a036 100644 --- a/tech/databases.wiki +++ b/tech/databases.wiki @@ -6,7 +6,6 @@ network, with caching and other optimizations. == Database Design Principle == - == SQL == See [[../lang/sql]] diff --git a/tech/security.wiki b/tech/security.wiki index 6ef1c66..f392f3a 100644 --- a/tech/security.wiki +++ b/tech/security.wiki @@ -53,6 +53,8 @@ Hiding information Try setting the HTTP `Host` header value to `internal-ip:80` where internal ip is the ip address of a device inside of the target network +* [[sqli]] + diff --git a/tech/sqli.wiki b/tech/sqli.wiki new file mode 100644 index 0000000..2d73cd2 --- /dev/null +++ b/tech/sqli.wiki @@ -0,0 +1,9 @@ += SQLI = + +SQLI or SQL injection is a type of attack where sql is placed into a field in +an application, as is directly passed to a DBMS. + +An attack typically works by prematurely terminating a text string and +appending a new command. Because the inserted command may have additional +strings appended to it before it is executed, SQLI attack string generally end +with a comment or `--`.
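Review bot: In tech/databases.wiki, removing the blank line after `== Database Design Principle ==` leaves that heading with no body, directly above `== SQL ==`. This whitespace change is unrelated to the SQLI page added by the rest of the patch. Either drop it from this commit, or fill in or remove the empty section in a separate one.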
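Review bot: In tech/security.wiki, the new `* [[sqli]]` bullet is added directly after the HTTP `Host` header tip, in the part of the page the hunk header labels "Hiding information". A reader will not see why an SQL injection link belongs there. Give the link a description, for example `* [[sqli]] - SQL injection`, and put it under a heading or list of attack types rather than at the end of the Host header paragraph. The hunk also adds a blank line after the bullet that can be dropped if it is the end of the file.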
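Review bot: In tech/sqli.wiki, the last sentence says attack strings "generally end with a comment or `--`", which presents `--` as an alternative to a comment when it is itself the SQL comment marker. Suggest "generally end with a comment marker such as `--`". Two wording fixes in the same file: "as is directly passed to a DBMS" reads like a typo for "and is directly passed to a DBMS", and "SQLI attack string generally end" should be "SQLI attack strings generally end". The page also describes only the attack. A sentence on the standard defence (parameterized queries instead of concatenating input into the statement) and a link to `[[../lang/sql]]`, which databases.wiki already references, would make it more useful as a reference page.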