NetSPI Blog

Cody Wass

Cody has a BS in Computer Science from North Dakota State University. At NetSPI, Cody's primary duties include network, web, mobile, and thick applications. He also helps develop scripts and plugins for the NetSPI penetration testing team. Cody has previously spoken at BSidesLV and Secure360, and currently holds the GXPN certification.

Cody Wass
October 16th, 2018

XXE in IBM’s MaaS360 Platform

A couple of months ago I had the opportunity to test an implementation of MaaS360 – IBM’s MDM solution. The test was focused on device controls and the protection of corporate data, all things which the client had configured and none of which will be talked about here. Instead, during the course of the test […]

Cody Wass
January 9th, 2018

Four Ways to Bypass Android SSL Verification and Certificate Pinning

Gone are the days when mobile applications stoically ignored all manner of SSL errors and allowed you to intercept and modify their traffic at will. Instead, most modern applications at least check that the certificate presented chains to a valid, trusted certificate authority (CA). As pentesters, we’d like to convince the app that our certificate […]