Rails' Insecure Defaults

Cross-Site Request Forgery (CSRF)