https://medium.com/the-set-list/ruby-on-rails-security-be16bd1a8b02

We talk to a lot of folks about Rails, from VCs looking to staff their next company to new coding bootcamp grads. And one thing we see from newcomers and veterans alike is a lack of knowledge of web application and Rails security concerns.

Over and over again we see plans for a new web app with the assumption some “security contractor” is going to come review any and all security problems introduced by the team doing the actual building of the application. Rarely does that security contractor get hired. And so security bugs linger. And even worse, the development team is taught that they don’t have to be vigilant about security.