One Track
Lots of Flavor
Thursday, April 18 • 11:00am - 11:30am
Upstreaming security to rails: a story about falling behind and catching back up again

Web frameworks have helped enable development that just would not be practical otherwise. While frameworks can introduce unseen attack surfaces, they can also solve problems, including entire classes of vulnerabilities <caveat>when a supported version of the framework is used properly</caveat>. GitHub is in the interesting position of employing members of the Rails security group, core maintainers, and public bounty members. We have introduced features, applied secure defaults, and taken away many rough edges. This talk will explore examples of features that other frameworks can or should use, some of which came from GitHub. We will also explore the history of some of these features across other frameworks.

It's no surprise that using out-of-date dependencies introduces many types of risk. It also makes it very hard to hire, retain, maintain, secure, or improve anything or anyone. Bleeding edge or die.

Neil Matatall

Product Security Engineer, GitHub
Neil is a product security engineer at GitHub. He has mostly worked on web application security and is frequently involved in AppSec communities. Previously, Neil has been an engineer at Twitter, a W3C-webappsec group member, an OWASP Chapter leader, and has organized multiple conferences...

Thursday April 18, 2019 11:00am - 11:30am HST
Halele'a Room (Salon 2) 3610 Rice Street, Lihue, Hawaii 96766, USA