The future of malware doesn't belong to our hard disks. Every day criminal hackers use the web to steal numerous credit card numbers, confidential information, passwords, and everything else they can make money with or use to attack others. There are too many businesses depending on the Internet, that security is not an area to ignore.

Many Rails' developers share the perception of Rails being a "secure" framework. And that might well be true, because less code is needed to get things done, and less code means a better overview of what is happening. But though Rails seems to be safer, doesn't allow us to lean back.

While some security features are used automatically, it is equally important to understand the impacts of possible attacks against them and its countermeasures. And even more important are the numerous attack methods that cannot be fended off automatically. This talk focuses on more advanced security topics - for Rails and web applications in general.