James Kettle

Director Of Research at PortSwigger

England, United Kingdom
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
James Kettle is Director of Research at PortSwigger with 12 years of hands-on experience in web security, leading research and tooling around vulnerability detection for Burp Suite. He combines leadership with deep technical work—contributing core logic and advanced detection techniques to projects like param-miner and http-request-smuggler, and enhancing plugins such as ActiveScan++ to catch real-world CVEs. Based in England, he’s known for pragmatic exploitation techniques (dual-TE, reverse-timeout) and for integrating scanning ecosystems (Burp–ZGrab) to scale discovery. His blend of product-focused research and low-level protocol expertise helps translate obscure attack vectors into reliable, production-ready scanner checks.
code11 years of coding experience
stackoverflow-logo

Stackoverflow

Stats
68reputation
6kreached
2answers
1question
github-logo-circle

Github Skills (20)

burp10
python10
vulnerability-scanners10
web-application-security10
it-security10
audit10
java10
security10
javas10
code-auditing10
audit-logging10
web-security10
scanning10
auditing10
audit-trail10

Programming languages (9)

JavaCJavaScriptGoPHPHTMLRubyPython

Github contributions (5)

github-logo-circle
albinowax/ActiveScanPlusPlus

Jun 2014 - Dec 2020

ActiveScan++ Burp Suite Plugin
Role in this project:
userSecurity Engineer
Contributions:1 release, 57 commits, 16 PRs in 6 years 6 months
Contributions summary:James primarily focused on enhancing the security posture of the Burp Suite plugin, ActiveScan++. Their contributions involved identifying and implementing checks for various vulnerabilities, including CVE-2014-6271 (shell command injection), CVE-2015-2080 (JetLeak), and CVE-2017-5638 (Struts2 RCE). The user also added checks for edge-side include vulnerabilities and Rails file disclosure (CVE-2019-5418), improving the plugin's ability to detect potential security flaws. Furthermore, they refactored the host header scanning to avoid using custom insertion points and added a Solr XXE check.
burpactivescansuite
Role in this project:
userBack-end Developer
Contributions:244 commits, 3 PRs, 44 pushes in 4 years 2 months
Contributions summary:James contributed to the `portswigger/http-request-smuggler` repository by adding and modifying code related to request smuggling detection. Their commits included the implementation of a "Burp-ZGrab interface," which likely integrates the Burp Suite with Zgrab for scanning. The user also introduced new methods, including one for reverse-timeout detection and dual-TE (Transfer-Encoding) techniques. Furthermore, they made enhancements to the scan functionality with a generic BulkScan handler and fine-tuned techniques to accurately identify request smuggling vulnerabilities.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
James Kettle - Director Of Research at PortSwigger