Are you just starting out with Rails security or with Ruby on Rails itself? Here are the Rails security links that you’ll need to get started. Especially the official Rails security guide will give you a good overview.
Httponly cookies in Rails
Why and how, for session and normal cookies
Learn to hack a Rails application
A vulnerable Rails app that follows the OWASP Top 10
Rails SQL injection cheat sheet
Many examples of what NOT to do
Video: The World of Rails Security
RailsConf talk: Introduction to Rails security
What is Cross Site Scripting (XSS)?
The number 3 in the OWASP Top Ten web application vulnerabilities
Note that I’ll add more to this page, subscribe to the mailing list to hear about it first.
