Injection

Injection vulnerabilities could introduce a high level of risk, modifying the commands or queries used by the systems that our applications depend on. Ranging from SQL, file path, HTTP headers, or even git commands, injection vulnerabilities would usually fetch a large bounty.

Given our heavy usage of Ruby on Rails, you may want to peruse their security guide’s section on SQL injection.

More about injection vulnerabilities from OWASP’s Top 10:

Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL, LDAP, Xpath, or NoSQL queries; OS commands; XML parsers, SMTP Headers, program arguments, etc. Injection flaws are easy to discover when examining code, but frequently hard to discover via testing. Scanners and fuzzers can help attackers find injection flaws.