Hello - I'm Justin Massey, a security engineer who constantly tries to find the medium ground in between security and usability. Easier said than done. Currently, I am employed at Datadog as a Product Security Engineer and I work in between the product security and engineering teams to ensure our customers are delivered a secure product. I enjoy traveling, running, skiing, and watching soccer.
Securing Your Accounts
Published: 10/24/18 | Category: How To
Python Requests and Burp Suite
Published: 3/9/17 | Category: How To
Debugging Jenkins + Checkmarx Maximum Upload Limit
Published: 9/19/16 | Category: Random
Web2Py Open Redirect Filter Bypass
Published 7/1/16 | Category: Vulnerability
Unauthenticated Stored Credential Recovery and Remote Command Execution on Jenkins
Published 11/15/15 | Category: Vulnerability
I built this project to introduce application security departments and penetration testers to pytest, a python testing framework. This project contains some sample pytest scripts to run against a Mutillidae 1 web server, an intentionally vulnerable web application for learning the OWASP top 10. You can use these scripts to become familiar with the pytest framework and help you visualize some different ways to test for vulnerabilities which you may have found in your application in the past and ensure they aren't reintroduced into the code base.
As a Site Reliability Engineer, I packaged our custom software for the AWS Marketplace with continuous deployment technologies such as Jenkins, Ansible and Packer. I also provided support to our Production Operations team to debug issues with our hosted solution.
I worked on the application security team and my original role was to conduct penetration tests on Ionic's key management as a service platform. This included writing custom tooling to test our patented key exchange. For every vulnerability I identified, I wrote a test case which could be run in a continuous integration pipeline. In addition to conducting penetration tests, I sat on the Enterprise Architecture Board to provide input from the security department on new architecture designs and changes.
As a junior penetration tester, I was required to conduct 1-2 week internal/external network, web application and physical penetration tests. These tests were conducted for clients wanting best practice pentests as well as PCI and other compliance tests.
At Atlanta Networking and Computer Help (ANCH), I managed the technical operations of the managed service provider. This included managing our help desk technicians and contractors. Additionally, I was tasked to manage the customer relations and provide assistance in the sales process.
After working as a Help Desk Technician for some time, I transitioned to providing server support. I administered a wide range of our client servers including: Windows Active Directory, Windows IIS + ASP.NET, Windows application servers, Microsoft SQL servers, Ubuntu web servers, MySQL servers, and more. ANCH also offered a web hosting solution and I administered multiple instances of our Plesk web servers.
I began my first job as a Helpdesk Technician and provided support to our customers remotely and on site. Some tasks involved with the job were: malware removal, diagnosis network issues, configuring LANs and WLANs.
