This talk recalls an incident at GitHub in which a security researcher was able to access all of the production environment variables from github.com by utilizing unsafe reflection to exploit a vulnerability in GitHub's codebase. We'll walk through the process of identifying the vulnerability, GitHub's response to the disclosure, how you can improve the code security of your Ruby codebases, and some tips related to managing secrets in Ruby apps.

Dennis is a Senior Product Security Engineer at GitHub, working on building security paved paths and improving code security across the open source community. He's based in Toronto, Canada.

Wei Lin is a Staff Security Engineer at Praetorian focusing on product and application security. He was previously a Senior Web Security Researcher at STAR Labs.