Just read through the Ruby on Rails Security Guide, and i Have to say there is some great info in there. I don’t use RoR at all, but a lot of the info would apply to any web application.