I think as a bare minimum, you should choose a web application that has a well documented guide covering security and make sure you read it and understand it. Django and rails both have well organized documentation around this topic. Most of the attacks are relevant to any web app, but how you deal with it is framework specific:

https://docs.djangoproject.com/en/1.8/topics/security/

http://guides.rubyonrails.org/security.html