That’s it, the Ruby on Rails Security guide is ready. It is available as a Rails manual at http://guides.rubyonrails.org/security.html and as a free e-book at https://rorsecurity.info/the-book/. The first batch of the new Rails Guides also includes 14 other quality manuals ranging from “Getting started” to routing, testing and debugging.
So far, the online version of the guide is one long page; I hope it will be separated soon. Meanwhile, you can read the e-book version of it. For those of you looking for a quick overview of good practice and countermeasures, scan the document for the fragments that are highlighted.
I will be officially announcing the Guide at the OWASP EU Summit in Portugal this week.