21 AppSec Influencers to Follow in 2021
Application security, or AppSec, is a fast-growing, advanced field of cybersecurity. This field focuses on the unique business applications created by companies large and small. In today's "Software is eating the world" era, the code a company develops becomes one of its most critical business assets.
One of the main challenges in AppSec today is the extreme proliferation and diversity of implementations. If you task two developers to build the same application using the same coding language, you'll get two very different solutions, each one with unique security problems. To succeed in writing secure software, it is crucial for a company to be able to map its software assets and properly test them, which requires the teams to be familiar with the hazards relevant to its technology.
As an AppSec researcher at enso security, a company that focuses on innovating the AppSec field, I continuously seek to learn and take inspiration from the AppSec community. Social media is one of the most community-supporting and fun resources available, that's free to all and useful for hard-core AppSec professionals as well as novice bounty hunters.
We have compiled a list of experts -- hackers, analysts, bug bounty hunters and cyber sleuths -- who provide practical tips regarding techniques and tools, share knowledge on the most recent vulnerabilities, and do so in a way that sparks the unique kind of thinking required in the AppSec field.
Fredrik Alexandersson
STÖK is a cyber security expert, hacker, keynote speaker and content creator. He provides diverse content, including his show "Bounty Thursdays" on his YouTube channel. On the show, he shares all the latest information about new AppSec tools, upcoming cons and contests, and lots of tips for bug bounty hunters and AppSec enthusiasts.
Ben Sadeghipour
Nahamsec is the Head of Hacker Education at HackerOne as well as the co-founder of recon.dev. He regularly shares interesting AppSec content and operates a successful Twitch channel where he hosts the best bug bounty hunters worldwide.
Jason Haddix
Jason serves as the Director of Application Security Engineers and Technical Operations at Ubisoft. Jason is famous for his series "The Bug Hunter Methodology", which has inspired thousands of AppSec researchers worldwide.
Ron Chan
Ron is a Security Engineer at GitLab. He is one of the world's top bug bounty hunters, ranked 15 on HackerOne's all-time leaderboard. Ron operates a YouTube channel named Reconless, where he shares some of his write-ups and personal discoveries, as well as new tools and techniques.
Sam Curry
Sam is a full-time bug bounty hunter. He runs a successful blog that better explains web application security. Sam shares his methodology and techniques to find security vulnerabilities in large companies. In September 2020, he led a group of 4 AppSec researchers who hacked Apple for 3 months, and described Apple's entire processes in great detail.
zseano
Sean is a web app hacker. He teaches others how to find vulnerabilities in web apps and guides them in bug bounties. He runs bugbountyhunter.com, a platform which replicates "real world vulnerabilities" in a testing environment for educational purposes. He has great AppSec resources on his YouTube channel and in his "zseano's methodology" book.
James Kettle
James is the Director of Research at PortSwigger Web Security. He constantly updates his Twitter feed with new research he conducts. He is considered one of the top AppSec researchers and an engaging speaker.
Daniel Miessler
Daniel is a virtual CISO. He also produces a podcast called "Unsupervised Learning" that explores the convergence of security, technology, and humans. Daniel is the creator of https://github.com/danielmiessler/SecLists, which is considered the best pool of wordlists available for AppSec researchers.
Shubham Shah
Shubham is the co-founder of Assetnote and a security researcher who provides wonderfully detailed AppSec posts on his Twitter profile.
Michael Skelton
Michael is the Global Head of Security Ops and Researcher Enablement at Bugcrowd. He operates a YouTube channel and several AppSec tools such as NoSQLMap, Interlace and Crithit.
Somdev Sangwan
Somdev is an open-source tools maker. He is the creator of a bunch of useful tools for AppSec assessment, such as Arjun, XSStrike and more. He often tweets useful tips, including methods to implement when searching for misconfigurations on web applications.
Tom Hudson
Tom is an open-source tool maker, security researcher, trainer and speaker. He has developed some of the most widely used tools among AppSec professionals worldwide. He is also a top bug bounty hunter and provides useful tips and tricks on his profile and at various AppSec conferences.
Orange Tsai
Orange Tsai is a top security researcher who is the brain behind the SSL VPN CVEs that emerged in September 2019. He has unique techniques, and he tweets and maintains an active blog about critical and severe exploits that are worth following.
Harsh Jaiswal
Harsh is an Application Security Engineer at Vimeo. He conducts web security research and publishes great critical AppSec write-ups on his Twitter feed, including his latest RCE on Apple.
Sandeep Singh
Sandeep is the co-founder of ProjectDiscovery.io, the team in charge of developing game-changing tools for AppSec assessments, including nuclei, subfinder and many more. He is also ranked 7th on the HackerOne all-time leaderboard.
Youssef Sammouda
Youssef is a cyber security expert and bug bounty hunter. He is most famous for his findings on the Facebook Whitehat program. He also publishes great write-ups which elaborate on how he finds critical vulnerabilities in Facebook and its subsidiaries.
Gareth Heyes
Gareth is a Security Researcher at PortSwigger who is best known for his work on escaping JavaScript sandboxes and creating elegant XSS vectors. He often shares useful tips and bypasses through his Twitter account.
Harsh Bothra
Harsh Bothra is currently working as a Cyber Security Analyst at RedHunt Labs, and is a part-time bug hunter. Harsh operates a "365 days learning challenge" that focuses on AppSec topics, and shares the process on his Twitter feed.
Farah Hawa
Farah works as an Application Security Engineer at Bugcrowd. She is a bug bounty hunter who learns every day and shares useful resources as she moves along. Farah creates technical content for bug bounty hunters and web application penetration testers, and interviews some amazing people in information security for her YouTube channel, which has over 23,000 subscribers.
If you ever want to explore certain AppSec content in a beginner-friendly manner, it could be the right place for you!
Jobert Abma
Jobert is the co-founder of HackerOne. He tweets and speaks at conferences about security and his own experience as a hacker, and he tends to share tools and tips on his Twitter profile.
Grzegorz Niedziela
Grzegorz is a pentester and YouTube content creator. During the last year he created and operated the YouTube channel "Bug Bounty Reports Explained", where he thoroughly explains the most impactful bug bounty reports by breaking them down into small pieces with explanatory videos that are easy to understand.