21 AppSec Pros to Follow in 2021

21 AppSec Pros to Follow in 2021

Application Security Posture Management Author
Gal Nagli
March 18, 2021

21 AppSec Influencers to Follow in 2021

Application security, or AppSec, is a fast-growing, advanced field of cybersecurity. This field focuses on the unique business applications created by companies large and small. In today’s “Software is eating the world” era, the code developed by companies becomes one of its most critical business assets. 

One of the main challenges in AppSec today is the extreme proliferation and diversity of implementations. If you task two developers to build the same application using the same coding language, you’ll get two very different solutions, each one with unique security problems. To succeed in writing secure software, it is crucial for a company to be able to map its software assets and properly test them, which requires the teams to be familiar with the hazards relevant to its technology.

As a AppSec researcher at enso security, a company that focuses on innovating the AppSec field, I continuously seek to learn and take inspiration from the AppSec community. Social media is one of the most community-supporting and fun resources available, that’s free to all and useful for hard-core AppSec professionals as well as novice bounty hunters.

We have compiled a list of experts -- hackers, analysts, bug bounty hunters and cyber sleuths -- who provide practical tips regarding techniques and tools, share knowledge on the most recent vulnerabilities, and do so in a way that sparks the unique kind of thinking required in the AppSec field.

Fredrik Alexandersson


STÖK is a cyber security expert, hacker, keynote speaker and content creator. He provides diverse content, that includes his show “Bounty Thursdays” on his youtube channel. On the show, he shares all the latest information about new AppSec tools, upcoming cons and contests, and lots of tips for Bug Bounty hunters and AppSec enthusiasts.

 Ben Sadeghipour


Nahamsec is the Head of Hacker Education on HackerOne as well as the co-founder of recon.dev. He regularly shares interesting AppSec content, and operates a successful twitch channel where he hosts the best Bug Bounty Hunters worldwide.

Jason Haddix


Jason serves as the Director of Application Security Engineers and Technical Operations at UbiSoft. Jason is famous for his series of "The Bug Hunter Methodology" which has inspired thousands of Appsec researchers worldwide.

Ron Chan


Ron is a Security Engineer at GitLab, He is one of the world's top Bug Bounty Hunters, ranked 15 at HackerOne's all-time leaderboard. Ron Operates a youtube channel named Reconless, where he shares some of his write-ups and personal discoveries, and shares new tools and techniques.

Sam Curry


Sam is a full-time bug bounty hunter. He runs a successful blog that better explains web application security. Sam shares his methodology and techniques to find security vulnerabilities in large companies. In September 2020, he led a group of 4 AppSec researchers who hacked Apple for 3 months, and described Apple’s entire processes in great detail.



Sean is a WebApp hacker. He teaches others how to find vulnerabilities in web apps and guides them in bug bounties. He runs bugbountyhunter.com - a platform which replicates "real world vulnerabilities" on a testing environment, for education purposes. He has great resources regarding AppSec on his youtube channel and on his "zseano's methodology" book.

James Kettle


James is the Director of Research at PortSwigger Web Security, who constantly updates his twitter feed with new research he conducts. He is considered one of the top AppSec researchers and an engaging speaker.

Daniel Miessler


Daniel is a virtual CISO, He also produces a podcast called “Unsupervised Learning” that explores the convergence of security, technology, and humans. Daniel is thecreator of https://github.com/danielmiessler/SecLists which is considered the best pool of wordlists available for AppSec researchers.

Shubham Shah


Shubham is the Co-founder of Assetnote and a security researcher who provides wonderfully detailed AppSec posts on his twitter profile.

Michael Skelton


Michael is the Global Head of Security Ops and Researcher Enablement at BugCrowd, he operates a youtube channel and several AppSec tools such as NoSQLMap, Interlace and Crithit.

Somdev Sangwan


Somdev is an open-source tools maker, he is the creator of a bunch of useful tools for AppSec assessment such as Arjun / XSStrike and more. He often tweets useful tips including methods to implement when searching for misconfigurations on web applications.

Tom Hudson


Tom is an Open-source tool maker, security researcher, trainer and talker. He has developed some of the most widely used tools among AppSec professionals worldwide. He is also a top Bug Bounty hunter and provides useful tips and tricks on his profile and at various AppSec conferences.

orange tsai


Orange tsai is a top security researcher, who is the brain behind the SSL VPN cve's that emerged in September 2019. He has unique techniques and tweets and maintain an active blog about critical and severe exploits that are worth following. 

Harsh Jaiswal


Harsh is an Application Security Engineer at Vimeo. He conducts web security research and publishes great critical AppSec write ups on his twitter feed, including his latest RCE on Apple.

Sandeep Singh


Sandeep is the co-founder of ProjectDiscovery.io, who are in charge of developing game changing tools for AppSec assessments including nuclei, subfinder and many more, he is also ranked 7th on the HackerOne all time leaderboard.

Youssef Sammouda


Youssef is a Cyber Security Expert and Bug Bounty hunter. He is most famous for his findings on the Facebook Whitehat program. He also publishes his great write ups which elaborate how he finds critical vulnerabilities on facebook and it's subsidiaries.

Gareth Heyes


Gareth is a Security Researcher at PortSwigger who is best known for his work of escaping JavaScript sandboxes, and creating elegant XSS vectors, he often shares through his twitter account useful tips and bypasses.

Harsh Bothra


Harsh Bothra is currently working as a Cyber Security Analyst at RedHunt Labs, and is a part-time Bug Hunter. Harsh operates a "365 days learning challenge" that focuses on AppSec topics, and shares the processes on his twitter feed.

Farah Hawa


Farah works as an Application Security Engineer at BugCrowd. She is a bug bounty hunter who learns every day and shares useful resources as she moves along. Farah creates technical content for bug bounty hunters & web application penetration testers and interviews some amazing people in information security for her YouTube channel which has over 23,000 subscribers.
If you ever want to explore certain AppSec content in a beginner friendly manner, it could be the right place for you!

Jobert Abma


Jobert is the co-founder of HackerOne. He tweets and speaks in conferences about security and his own experience as a hacker, he tends to share tools and tips on his twitter profile.

Grzegorz Niedziela


Grzegorz is a pentester and Youtube content creator, during the last year he created and operated the youtube channel "Bug bounty Reports Explained", where he thoroughly explains the most impactful Bug Bounty reports by breaking them down into small pieces with explanatory videos that are easy to understand.


Get started today with Application Security Posture Management.

Privacy Policy

Subscribe for updates

Don’t miss out
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share on

There’s more to see

Application Security Management
Enso Security joins Snyk: Enabling security leaders to scale their AppSec program with ASPM
A message from Enso’s CEO Roy Erlich on this momentous occasion
Read now
Application Security Management
An effective AppSec program starts with the right Shift-Left
Case Study: Enso Security + GitHub Advanced Security. How ASPM provides the business context for the best of developer-led security solutions.
Read now
Application Security Management
Code Review - The Good, the Bad, and the Hard to Swallow.
With a little constructive criticism, prioritization and automation, we can make code reviews a painless process for all involved!
Read now