rsmolinski's comments

In general work, try applying a threat modeling framework to guide your security measures. I like STRIDE: https://en.m.wikipedia.org/wiki/STRIDE_(security)

Other than that, there are a lot of best practices for each framework on Medium or other blogs. Also, never store credentials in code, separate prod from dev, and apply patches regularly.


For Rails and general backend development, I liked reading through the backend code for Gitlab CE (https://gitlab.com/gitlab-org/gitlab-ce). Their code style follows Rails best practices pretty extensively.

For smaller projects with fewer configuration points, don't worry about abstracting as much as they do.


Looks like a great methodology and good results. Looking forward to reading the paper because I've been working around the GitHub API restrictions for the same purpose.

Specifically, I'm building a SaaS (https://www.locktower.com/) for organizations (or security teams) looking to have a managed solution for detecting leaked secrets in GitHub/BitBucket/etc. I'm in the process of building an on-prem version as well. Overall, I really hope to help drive down the number of unresolved leaks that the authors found.

