Gem Shop: A Vulnerable Rails 8 Application for Security Education

  • Project Overview: On 2025-01-07 Michael Lubas presented Gem Shop, an intentionally vulnerable Ruby on Rails 8 application built for security education. It is a simple e-commerce site where users buy gemstones, and it contains deliberately planted vulnerabilities such as SQL injection, cross-site scripting (XSS), and broken access control. The project is open source and hosted on Paraxial.io's GitHub.
  • Teaching Approach: Many web developers are interested in security, and there is no shortage of online material. Hands-on labs, where students exploit and then fix a real bug, are what makes the concepts stick. For experienced Rails developers, seeing those concepts inside a Rails project they already know how to run and read lowers the barrier considerably.
  • Comparison with Other Projects: Gem Shop is not the first deliberately vulnerable Rails project. OWASP RailsGoat started about 12 years ago and shipped releases up to Rails 6. Gem Shop aims to carry that work forward so Rails developers can keep learning security on Rails 8 and later versions.
  • Importance of Cybersecurity: Cybersecurity is critical, and web developers are part of the ecosystem that has to get it right. The 2017 Equifax data breach, caused by an unpatched remote code execution vulnerability in Apache Struts, is the standard example of what a single web framework bug can cost. Rails applications are frequently part of that same critical infrastructure, so every developer working on them needs to understand the security risks.
  • Current Status: The initial version of Gem Shop is live on GitHub. Star the repo, clone the project, find the security problems, and share feedback on the issue tracker. Pull requests adding new vulnerabilities and features are welcome.
  • Paraxial.io's Mission: Paraxial.io stops data breaches by helping developers ship secure applications. Get a demo or start for free.
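Two of the vulnerability classes the overview names, SQL injection and XSS, come down to the same mistake in Rails code: untrusted input is spliced into SQL or HTML text instead of being passed through the framework's quoting. The following is an added example for this page, not code from Gem Shop or Paraxial.io. It runs in plain Ruby with no database or Rails installed, modelling the SQL that `where("name = '#{params[:name]}'")` produces next to the SQL that `where("name = ?", params[:name])` produces, and the HTML that `<%= raw gem.name %>` produces next to `<%= gem.name %>`. The table and column names (`gems`, `name`), the `quote_literal` stand-in for ActiveRecord's quoting, the literal scanner and the payloads are all assumptions constructed for the demonstration.

```ruby
require "erb"

# Added example for this page, not code from Gem Shop or Paraxial.io. It models,
# in plain Ruby with no database, the SQL that two Rails query styles produce,
# so an injection shows up as a change in the statement's structure. The table
# and column names (gems, name) and the payloads are constructed for the demo.

# Stand-in for ActiveRecord's literal quoting (the real one is
# ActiveRecord::ConnectionAdapters::Quoting#quote): wrap in quotes and double
# any quote inside the value.
def quote_literal(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Vulnerable pattern: Gem.where("name = '#{params[:name]}'")
# User text is spliced into the SQL text before the database parses it.
def vulnerable_where_sql(user_input)
  "SELECT * FROM gems WHERE name = '#{user_input}'"
end

# Safe pattern: Gem.where("name = ?", params[:name])
# ActiveRecord replaces each ? with a quoted literal; the block form of sub
# keeps backslash sequences in the value from being interpreted.
def safe_where_sql(user_input)
  "SELECT * FROM gems WHERE name = ?".sub("?") { quote_literal(user_input) }
end

# Minimal SQL string-literal scanner: returns the literal values in a
# statement, treating '' inside a literal as an escaped quote. Enough to
# count how many literals the database parser would see.
def string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] != "'"
      i += 1
      next
    end
    buf = +""
    j = i + 1
    loop do
      if sql[j] == "'" && sql[j + 1] == "'"
        buf << "'"
        j += 2
      elsif sql[j].nil? || sql[j] == "'"
        break
      else
        buf << sql[j]
        j += 1
      end
    end
    literals << buf
    i = j + 1
  end
  literals
end

INJECTION = "' OR '1'='1" # constructed payload: one quoted value becomes three

# XSS in the view: <td><%= raw gem.name %></td> versus <td><%= gem.name %></td>.
# Rails' default output escaping is built on ERB::Util.html_escape from the
# standard library, used directly here.
def render_name_unescaped(name)
  "<td>#{name}</td>"
end

def render_name_escaped(name)
  "<td>#{ERB::Util.html_escape(name)}</td>"
end

if $PROGRAM_NAME == __FILE__
  puts vulnerable_where_sql(INJECTION)
  p string_literals(vulnerable_where_sql(INJECTION))   # three literals: the WHERE clause was rewritten
  puts safe_where_sql(INJECTION)
  p string_literals(safe_where_sql(INJECTION))         # one literal: the payload stays data
  puts render_name_unescaped("<script>alert(1)</script>")
  puts render_name_escaped("<script>alert(1)</script>")
end
```

The point of the scanner is that the vulnerable statement contains three string literals for one user-supplied value, so the database evaluates `name = '' OR '1'='1'` and returns every row, while the bind-parameter form yields exactly one literal whose content is the payload. When reviewing a Rails app like Gem Shop, grep for string interpolation inside `where`, `find_by_sql`, `order` and `pluck` arguments and for `raw`/`html_safe` in views; Brakeman reports both patterns.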