A comprehensive primer about CSRF, Session attacks, Redirection, XSS attacks and MySQL security for Rails

Totally awesome. Must-read for any production Rails dev. Heiko Webers is totally providing a huge service by compiling a comprehensive list of items to check for.

Download Owasp-rails-security.pdf