OWASP top 10

*Valve - Injection
*Starwood - Insufficient Monitoring
*Uber - Broken Authentication
*Vanilla Forums - Insecure Deserialisation
Uber failed to rate-limit the confirmation
endpoint, which would allow an attacker to brute-force business accounts and take rides on their
behalf