There are a number of areas where rails can help web application developers ensure that their applications are appropriately secured (eg, CSRF protection and encoding of output) but there are others which can never really be addressed by frameworks alone. Additionally it’s very easy when developing an application to make assumptions about what is and isn’t possible for users to do, which is something hackers tend to take advantage of. My intention would be to present this in line with the OWASP top-10 vulnerabilities which is one of the most commonly used classifications of web application flaws.
http://scotland-on-rails.s3.amazonaws.com/2B07_RoryMcCune-SOR.mp4
