Rails security, how to lock down rails

I'm curious on any rails specific tips or tricks to lock down security. Say you have a rails application already done, now you want to go back and disable everything in rails that you can that is not needed by your application. For instance not loading certain modules, or how to configure your routes so that it only allows what is specifically stated and returns a 404 on everything else, etc.. I'm assuming that the application itself has already been coded security to avoid cross site scripting, sql injection, etc..