Justin Steven is a Director of Research and seasoned computer security professional with over a decade of hands-on experience in incident response, application security, and secure code practices. He leads research at Tanto Security, cultivating consultant-driven investigations and practical exploit research while bridging commercial program needs and deep technical curiosity. Justin’s background includes senior roles in product and application security at major technology vendors and a telco, giving him a strong track record of building secure development programs and remediation pipelines. An active open-source contributor, he has patched vulnerabilities in Metasploit and enhanced exploit tooling in pwntools, demonstrating both offensive expertise and responsible disclosure. Based in Melbourne, he combines an academic grounding in network security with a practitioner’s focus on measurable risk reduction and tool-driven research.
11 years of coding experience
9 years of employment as a software developer
Bachelor of IT Networks Information Security, Bachelor of IT Networks Information Security at QUT (Queensland University of Technology)
Contributions:6 commits, 8 PRs, 22 comments in 5 years 11 months
Contributions summary:Justin primarily contributed to the `pwntools` CTF framework by improving and adding features related to exploit development. They introduced the `cyclic_metasploit` and `js_escape/js_unescape` functions, enhancing the framework's capabilities for generating patterns and encoding/decoding JavaScript strings, both useful in exploit scenarios. Furthermore, the user addressed bugs and improved existing functionalities by fixing typos, and correcting docstrings within the `cyclic` and `fiddling` modules, demonstrating a focus on code quality and usability for security researchers.
Contributions:1 review, 23 commits, 12 PRs in 5 years 2 months
Contributions summary:Justin's commits primarily focus on the Metasploit Framework, specifically addressing security vulnerabilities. Their contributions include patching command injection vulnerabilities in the msfvenom module and related APK template handling, as well as fixing bugs. The user also made changes to address other vulnerabilities. The work showcases expertise in identifying and mitigating security risks in penetration testing tools.
metasploitmetasploit-framework
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Justin Steven - Director Of Research at Tanto Security