
What are all the security measures I should check over before deploying my Rails application?

I want to make sure all security aspects of my application are covered. I know this will probably vary from application to application, but what are the general things you should make sure you are doing to prevent security breaches?


Ryan Bates did a nice Railscast on security that I have gotten something out of; you may want to check it out.

http://railscasts.com/episodes/178-seven-security-tips


The official Rails guide on security is really good:

http://guides.rubyonrails.org/security.html


The site itself:

  1. Are all the pages that require a login protected?
  2. If an error occurs in the application, does the user retrieve a general message instead of the YSOD (ASP MVC)?
  3. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

After that there are also external risks: a database backup gets lost (stolen), social engineers, angry co-workers, unpatched servers, ...


attr_accessible: if you're not using it in your models, then that's a big security flaw, as your users could effectively change any fields they want.
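
The mass-assignment risk described in the attr_accessible answer above, as an added example that is not part of the original thread and is not Rails code. It is a plain-Ruby simulation: the class names, the `ALLOWED` list (standing in for what `attr_accessible :name, :email` declares) and the submitted hash are all constructed for illustration.

```ruby
# Plain-Ruby simulation of mass assignment; runs without Rails.
# UnprotectedUser and ProtectedUser are hypothetical models.

class UnprotectedUser
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Copies every submitted key onto the model, like an unguarded bulk update.
  def assign(params)
    params.each { |key, value| public_send("#{key}=", value) }
    self
  end
end

class ProtectedUser < UnprotectedUser
  # Assumption: mirrors an allow-list such as attr_accessible :name, :email
  ALLOWED = %w[name email].freeze

  attr_reader :rejected

  # Assigns only allow-listed keys and records the rest so they can be logged.
  def assign(params)
    permitted, dropped = params.partition { |key, _| ALLOWED.include?(key.to_s) }
    @rejected = dropped.map { |key, _| key.to_s }
    super(permitted.to_h)
  end
end

# Constructed form submission: "admin" was never a field on the form.
SUBMITTED = { "name" => "Mallory", "email" => "m@example.test", "admin" => true }.freeze

# Runs the same submission through both models and reports the outcome.
def demo
  guarded = ProtectedUser.new.assign(SUBMITTED)
  {
    unprotected_admin: UnprotectedUser.new.assign(SUBMITTED).admin,
    protected_admin:   guarded.admin,
    rejected:          guarded.rejected
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Recording the rejected keys rather than silently dropping them gives a signal worth alerting on, since a legitimate form never submits them.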
