What is the most secure we can get with Rails?
Rails has a large number of built-in security features. As far as I know, it deals with all of the most common security issues, such as CSRF, account hijacking, code injection, session fixation, etc.
If a Rails application makes good use of all those built-in features, what may be missing? How distant does it get from other well-known secure applications such as Salesforce?
How much does the infrastructure affect that? Is Heroku a safe platform? Might running your own servers lead to a more secure environment?
I'm building an application that will be used by an NYSE-listed company and therefore it must follow the SOX act. This company has large concerns with data security, but it uses Salesforce, i.e., it has data living outside their walls. If I follow all the Rails best practices and host this app on Heroku (which is now owned by Salesforce), how far will I be from Salesforce security?