New “Rails Security” Blog Launches

By Peter Cooper / March 3, 2007

Heiko Webers writes:

I think many of us share the perception of Rails being a "secure" framework. And that might well be true, because we need less code to get things done and less code means a better overview of what's happening. But though Rails seems to be safer, that doesn't allow us to lean back. There was a security bug in Rails last year and even in Ruby itself.

I've started a new blog about Ruby on Rails security concerns called "Ruby on Rails Security". In the next few months I will address the secure configuration of web servers, how to securely set up MySQL, Rails and Subversion. Also the common attacks, such as SQL injection, Cross Site Scripting, and more, will be addressed along with the countermeasures.

There are only a few posts so far, but I think this is an under-served niche in Rails blogging, so I look forward to more posts soon.
