Writing safe code is hard. Nowadays, a lot of web applications are written using MVC frameworks like:
This guide is an attempt to drive the developer in choosing the best strategy to develop a secure web application using the aforementioned frameworks.
The guide will cover how to setup both nginx and apache plus mod_passenger module environment in a safe manner and then will try to address security risks covered in the Owasp Top 10 in all of the major Ruby MVC.
A beta of the guide will eventually be out in January 2015.
Paolo - thesp0nge@owasp.org