Ken Johnson is a security-focused technologist and co-founder currently serving as CTO of DryRun Security, with over 15 years delivering application and cloud security across startups and enterprises. He blends hands-on full-stack development with deep offense/defense expertise from roles at GitHub, nVisium, and LivingSocial, and has a particular knack for translating vulnerability research into usable developer-facing tooling. Ken has contributed to notable open-source projects like OWASP RailsGoat—improving tutorials, UI, and fixing XSS—and built core security logic for WeirdAAL, an AWS attack library that demonstrates practical cloud threat modeling. Based in Gainesville, VA, he combines executive leadership with day-to-day engineering, often surfacing non-obvious risks (like credential and config misuse) through automated, reproducible checks.
A vulnerable version of Rails that follows the OWASP Top 10
Role in this project:
Full-stack Developer
Contributions:3 releases, 4 reviews, 277 commits in 9 years 4 months
Contributions summary:Ken primarily focused on front-end development and UI improvements for the RailsGoat application. Their contributions included modifying the home page, implementing a tutorial guide with "builder" and "breaker" categories, and dynamically loading tutorial content. They also worked on fixing XSS vulnerabilities, cleaning up view code, and making modifications to CSS and javascript files. The user integrated a visit tutorial button and made changes to the login and signup pages.
Contributions:84 commits, 11 PRs, 15 pushes in 1 year 4 months
Contributions summary:Ken primarily focused on developing the foundational components of the AWS Attack Library (WeirdAAL), starting with basic setup and import testing. They implemented argument parsing and a step-based execution flow, incorporating the use of environment variables and config files. The user also added security-focused logic, including checks for AWS access keys and initial account access validation, demonstrating an understanding of AWS security best practices.
securitypentest-toolpython3awsattack
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.