Joshua Maddux started out as a software engineer. After a few years, having introduced his share of problems to the world, he turned his life around and started hunting for vulnerabilities. Now at PKC Security he does a mix of software development and white-box penetration testing, with a focus on helping startups move fast without breaking too many things.
Aside from pentesting for clients, Joshua is also active in the bug bounty world. His past research has led to security updates in Java, Gitlab, United Airlines, Zapier, and others.
Twitter: @joshmdx
API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web