>>53715588It is if you're doing specific things.
For example, you can use an integer overflow for an input into a strcpy function and since it doesn't have a length limit this can allow you to run malicious code by making it seem like the line of code has been finished (include ");" in your input string).
There are also a bunch of things you can do with SQL that's arguably coding depending on if you count SQL as that.
But then there's stuff like man in the middle attacks where you just intercept a key. These don't really require programming but are caused by security programmers skipping parts of the SSL security when developing their apps. This is pretty common in Android apps where they don't bother with making their communication protocols secure.
By the way I'm not a hacker