This simple quote app is littered with security vulnerabilities. Dumb things like passing user_id on the quotes#create form.

- Cross site scripting
- SQL Injection
- Cross site request forgery
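The user_id problem named above, shown as an added example rather than code from this app: a plain-Ruby stand-in for a quotes#create action, with the form-trusting version beside one that takes the owner from the session. The Quote struct, the method names and the sample request are assumptions made for illustration.

```ruby
# Added illustration; not the app's code. Plain Ruby stand-in for a Rails
# quotes#create action. All names (Quote, PERMITTED, create_*) are hypothetical.
Quote = Struct.new(:user_id, :body, keyword_init: true)

# Fields a client is allowed to set. user_id is deliberately absent.
PERMITTED = %w[body].freeze

# Vulnerable shape: the owner comes from the submitted form, so whoever
# builds the request decides whose quote this is.
def create_vulnerable(params, _session)
  Quote.new(user_id: params.dig("quote", "user_id").to_i,
            body: params.dig("quote", "body"))
end

# Hardened shape: allow-list client fields (what strong parameters do in
# Rails) and take the owner from the server-side session only.
def create_hardened(params, session)
  raise ArgumentError, "not signed in" unless session["user_id"]
  submitted = params.fetch("quote", {})
  attrs = submitted.slice(*PERMITTED)
  Quote.new(user_id: session["user_id"], body: attrs["body"])
end

# Detection helper: report client-supplied keys outside the allow-list so
# tampered submissions can be logged.
def unpermitted_keys(params)
  params.fetch("quote", {}).keys - PERMITTED
end

# Constructed request: signed in as user 7, form field user_id set to 1.
SESSION = { "user_id" => 7 }.freeze
PARAMS  = { "quote" => { "user_id" => "1", "body" => "hello" } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable owner: #{create_vulnerable(PARAMS, SESSION).user_id}"
  puts "hardened owner:   #{create_hardened(PARAMS, SESSION).user_id}"
  puts "unpermitted keys: #{unpermitted_keys(PARAMS).inspect}"
end
```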