As part of our effort to make Ruby on Rails applications known for their good security, I wrote a compact-style book in 2008. I believe that making Rails applications more secure can't be done solely by implementing security features in the framework, but also by helping the community learn about security.
Note: The book is made available to the community completely free of charge. You may read it, send it to your colleagues and link to this page from your blog. Conditions:
Attribution. You must attribute the work and keep the original copyright notice.
Share — You are free to copy, distribute and transmit the work.
Remix — You are free to adapt the work.
Noncommercial. You may not use this work for commercial purposes.
You might also consider a Ruby on Rails security audit by me.