Gem Shop is a purposely vulnerable Ruby on Rails project aimed at educating developers about web application security. It's ideal for exploring common vulnerabilities like SQL injection and XSS, providing a practical platform to both identify and remedy these issues. Sponsored by Paraxial.io.
Gem Shop is a deliberately vulnerable Ruby on Rails 8 application designed for educational purposes, specifically targeting web application security training. This project exposes developers to a range of security vulnerabilities including SQL injection, cross-site scripting (XSS), and broken access control, making it an essential tool for understanding and addressing these common threats.
Key Features
- Security Education: Gem Shop offers an interactive experience for developers to practice identifying and mitigating security vulnerabilities in a controlled environment.
- Realistic Scenarios: Users can simulate authentic security assessments by uncovering and repairing security issues within the application.
- Self-Guided Exploration: While familiar users can freely explore the system's vulnerabilities, a guide is available at self_guided.md for those seeking direction on where to start.
Usage Notes
- Warning: This project should not be deployed on a production server due to its inherent vulnerabilities, which could be exploited to compromise the server and network.
- Developer Guidance: A comprehensive tutorial with recommended study materials will soon be available, catering to beginners in web application security.
- Community Contribution: Users are encouraged to report additional vulnerabilities they encounter or wish to practice with, fostering a collaborative learning environment.
Sponsorship
Gem Shop is proudly supported by Paraxial.io, which specializes in helping developers secure web applications effectively. Paraxial.io provides a roadmap for implementing and automating key security controls, making it a valuable partner for projects looking to enhance their security posture.
By understanding and fixing the security flaws within Gem Shop, developers can enhance their skills in safeguarding real-world applications, ultimately contributing to more secure web environments.