This Rails guide on security is one of the most comprehensive that I’ve seen on the kinds of attacks that exist against web applications today. While the countermeasures that are specified are Rails-specific, the explanations of the attacks and vulnerabilities are valid for any web stack. This is a must-read for anyone who does web development nowadays.