Joe Testa

Founder at Positron Security

City of Rochester, New York, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
Joe Testa is a founder and principal penetration tester with 13 years of hands-on experience in offensive security, vulnerability research, and secure backend engineering based in Rochester, NY. He leads Positron Security and is an active open-source contributor to high-profile projects like Metasploit and sslscan, where his work improved cross-platform compatibility and expanded protocol analysis capabilities. His contributions to SSH tooling (ssh-audit, ssh-mitm) show deep expertise in cryptographic auditing, exploit development, and practical hardening—down to removing root privileges and adding AppArmor confinement. Joe blends practical exploit development with engineering rigor, often turning research-grade findings into production-ready tooling and mitigations. An uncommonly pragmatic researcher, he focuses on making security tools safer to run and easier to integrate into real-world assessments.
code13 years of coding experience
github-logo-circle

Github Skills (39)

audit-trail10
penetration-testing10
multiplatform10
python10
meta10
openssh10
audit10
cross-platform10
c1110
networking10
security10
c1710
exploit10
windows-security10
code-auditing10

Programming languages (13)

PowerShellC++CSSCRustGoHTMLShell

Github contributions (5)

github-logo-circle
jtesta/ssh-audit

Sep 2017 - Oct 2022

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Role in this project:
userBack-end Developer & Security Engineer
Contributions:13 releases, 11 reviews, 263 commits in 5 years 1 month
Contributions summary:Joe's contributions centered on enhancing the security auditing capabilities of the `ssh-audit` tool. They focused on implementing functionality to audit RSA host key sizes, RSA certificate sizes, and DH modulus sizes, adding checks for weak key sizes. The user also introduced checks for vulnerabilities and added new algorithms, significantly expanding the tool's scope for identifying security weaknesses in SSH configurations. They also added Python3 fixes.
exchangessh-serversecuritysshclient-server
jtesta/ssh-mitm

May 2017 - Jul 2021

SSH man-in-the-middle tool
Role in this project:
userBack-end Developer & Security Engineer
Contributions:4 releases, 152 commits, 7 PRs in 4 years 2 months
Contributions summary:Joe made significant contributions to securing and enhancing the SSH man-in-the-middle tool, as indicated by code changes focused on removing root privileges, implementing AppArmor profiles for enhanced security, and improving the overall functionality of the SSH daemon. They added features like SFTP logging and implemented code to handle the logging of commands in SFTP. The user also addressed a security vulnerability by rejecting execution of `passwd` in a session.
sshman-in-the-middle
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Joe Testa - Founder at Positron Security