Ruby On Rails Security Guide

  • A very nice list. Readable, explanatory, and full of good suggestions. Almost all focused on session / injection / XSS attacks, but that's probably the biggest threat you've got. I wish I'd seen it sooner; most I've seen before, but the regex one in particular was new to me, and it really only takes one, doesn't it?

    Anyone know of anything notable they missed? I'd love to know, and it could be useful to get it added to the list too.

  • The regular expression surprised me. I'm really used to using ^$ in PHP and it works as intended, but apparently in Ruby the correct delimiters are \A\z.
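The anchor difference raised in the comment above, as an added example that is not part of the original thread or of the Rails guide: in Ruby, ^ and $ are line anchors (they match at every newline, with or without the /m flag, which in Ruby only changes what . matches), so a format check written with them accepts multi-line input. \A and \z anchor to the start and end of the whole string; \Z is a half-measure that still permits one trailing newline. The username values and the sample payload below are constructed for the demo.

```ruby
# Three ways to "anchor" a username check in Ruby. Only one of them
# actually constrains the whole string. The sample inputs are constructed.

LINE_ANCHORED   = /^[a-z0-9_]+$/      # ^ and $ match at line boundaries
STRING_ANCHORED = /\A[a-z0-9_]+\z/    # \A and \z match only at the string's ends
TRAILING_NL     = /\A[a-z0-9_]+\Z/    # \Z also matches just before a final "\n"

# The pattern most people port from PHP or JavaScript. Looks strict, is not.
def valid_username_loose?(s)
  !!(s =~ LINE_ANCHORED)
end

# The form the Rails guide recommends: anchored to the whole string.
def valid_username_strict?(s)
  !!(s =~ STRING_ANCHORED)
end

# Upper-case \Z: rejects embedded newlines but still lets "alice\n" through,
# which matters when the value is later used as a filename or in a header.
def valid_username_upper_z?(s)
  !!(s =~ TRAILING_NL)
end

# Attacker-controlled value: a clean first line, then a payload on line two.
# The loose check validates line one and never looks at line two.
PAYLOAD = "alice\n<script>alert(1)</script>"

def demo
  {
    loose_accepts_payload:  valid_username_loose?(PAYLOAD),      # true  (bypassed)
    strict_rejects_payload: !valid_username_strict?(PAYLOAD),    # true  (rejected)
    upper_z_allows_newline: valid_username_upper_z?("alice\n"),  # true  (still sloppy)
    strict_rejects_newline: !valid_username_strict?("alice\n"),  # true
    strict_accepts_normal:  valid_username_strict?("alice_01"),  # true
  }
end

puts demo.inspect if __FILE__ == $0
```

In a Rails model this is the difference between `format: { with: /^[a-z0-9_]+$/ }` and `format: { with: /\A[a-z0-9_]+\z/ }`; recent Rails versions refuse the former by default for exactly this reason. Strip or reject newlines before the value reaches anything that treats a line break as a delimiter.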

  • One of my Rails apps was hijacked via XSS injection last week. I wish I had read this guide sooner. I highly recommend it for any Rails admin.

  • Thanks. I've read this before, but it's always good to reread it.