Hacker News
by bluetooth 4750 days ago
How did you test for YAML injection? From my past experiences with Ruby (hardly any), YAML injection is difficult to test from a blackbox perspective, as you need an understanding of the source code in order to be able to craft the appropriate serialized YAML object to yield code execution.

Couple of methods. For one thing, we test for status codes returned for particularly crafted YAML/XML parameters. Aside from that, we also carefully craft a YAML injection using a timing attack and test blind that way.