Dennis Pacewicz
  • @lyninx

Dennis is a Senior Product Security Engineer at GitHub, working on building security paved paths and improving code security across the open source community. He's based in Toronto, Canada.

Wei Lin Ngo
  • @Creastery

Wei Lin is a Staff Security Engineer at Praetorian focusing on product and application security. He was previously a Senior Web Security Researcher at STAR Labs.

Keeping Secrets: Lessons Learned From Securing GitHub

This talk recalls an incident at GitHub in which a security researcher was able to access all of the production environment variables from github.com by utilizing unsafe reflection to exploit a vulnerability in GitHub's codebase. We'll walk through the process of identifying the vulnerability, GitHub's response to the disclosure, how you can improve the code security of your Ruby codebases, and some tips related to managing secrets in Ruby apps.