OWASP top 10

*Valve - Injection
*Starwood - Insufficient Monitoring
*Uber - Broken Authentication
*Vanilla Forums - Insecure Deserialisation
Valve paid out $25.000 to a person who located
an SQL injection reporter in report_xml.php
through countryFilter[]