21 AppSec Influencers to Follow in 2021
Application security, or AppSec, is a fast-growing, advanced field of cybersecurity. This field focuses on the unique business applications created by companies large and small. In today’s “Software is eating the world” era, the code developed by companies becomes one of its most critical business assets.
One of the main challenges in AppSec today is the extreme proliferation and diversity of implementations. If you task two developers to build the same application using the same coding language, you’ll get two very different solutions, each one with unique security problems. To succeed in writing secure software, it is crucial for a company to be able to map its software assets and properly test them, which requires the teams to be familiar with the hazards relevant to its technology.
As a AppSec researcher at enso security, a company that focuses on innovating the AppSec field, I continuously seek to learn and take inspiration from the AppSec community. Social media is one of the most community-supporting and fun resources available, that’s free to all and useful for hard-core AppSec professionals as well as novice bounty hunters.
We have compiled a list of experts -- hackers, analysts, bug bounty hunters and cyber sleuths -- who provide practical tips regarding techniques and tools, share knowledge on the most recent vulnerabilities, and do so in a way that sparks the unique kind of thinking required in the AppSec field.
STÖK is a cyber security expert, hacker, keynote speaker and content creator. He provides diverse content, that includes his show “Bounty Thursdays” on his youtube channel. On the show, he shares all the latest information about new AppSec tools, upcoming cons and contests, and lots of tips for Bug Bounty hunters and AppSec enthusiasts.
Nahamsec is the Head of Hacker Education on HackerOne as well as the co-founder of recon.dev. He regularly shares interesting AppSec content, and operates a successful twitch channel where he hosts the best Bug Bounty Hunters worldwide.
Jason serves as the Director of Application Security Engineers and Technical Operations at UbiSoft. Jason is famous for his series of "The Bug Hunter Methodology" which has inspired thousands of Appsec researchers worldwide.
Ron is a Security Engineer at GitLab, He is one of the world's top Bug Bounty Hunters, ranked 15 at HackerOne's all-time leaderboard. Ron Operates a youtube channel named Reconless, where he shares some of his write-ups and personal discoveries, and shares new tools and techniques.
Sam is a full-time bug bounty hunter. He runs a successful blog that better explains web application security. Sam shares his methodology and techniques to find security vulnerabilities in large companies. In September 2020, he led a group of 4 AppSec researchers who hacked Apple for 3 months, and described Apple’s entire processes in great detail.
Sean is a WebApp hacker. He teaches others how to find vulnerabilities in web apps and guides them in bug bounties. He runs bugbountyhunter.com - a platform which replicates "real world vulnerabilities" on a testing environment, for education purposes. He has great resources regarding AppSec on his youtube channel and on his "zseano's methodology" book.
James is the Director of Research at PortSwigger Web Security, who constantly updates his twitter feed with new research he conducts. He is considered one of the top AppSec researchers and an engaging speaker.
Daniel is a virtual CISO, He also produces a podcast called “Unsupervised Learning” that explores the convergence of security, technology, and humans. Daniel is thecreator of https://github.com/danielmiessler/SecLists which is considered the best pool of wordlists available for AppSec researchers.
Shubham is the Co-founder of Assetnote and a security researcher who provides wonderfully detailed AppSec posts on his twitter profile.
Michael is the Global Head of Security Ops and Researcher Enablement at BugCrowd, he operates a youtube channel and several AppSec tools such as NoSQLMap, Interlace and Crithit.
Somdev is an open-source tools maker, he is the creator of a bunch of useful tools for AppSec assessment such as Arjun / XSStrike and more. He often tweets useful tips including methods to implement when searching for misconfigurations on web applications.
Tom is an Open-source tool maker, security researcher, trainer and talker. He has developed some of the most widely used tools among AppSec professionals worldwide. He is also a top Bug Bounty hunter and provides useful tips and tricks on his profile and at various AppSec conferences.
Orange tsai is a top security researcher, who is the brain behind the SSL VPN cve's that emerged in September 2019. He has unique techniques and tweets and maintain an active blog about critical and severe exploits that are worth following.
Harsh is an Application Security Engineer at Vimeo. He conducts web security research and publishes great critical AppSec write ups on his twitter feed, including his latest RCE on Apple.
Sandeep is the co-founder of ProjectDiscovery.io, who are in charge of developing game changing tools for AppSec assessments including nuclei, subfinder and many more, he is also ranked 7th on the HackerOne all time leaderboard.
Youssef is a Cyber Security Expert and Bug Bounty hunter. He is most famous for his findings on the Facebook Whitehat program. He also publishes his great write ups which elaborate how he finds critical vulnerabilities on facebook and it's subsidiaries.
Harsh Bothra is currently working as a Cyber Security Analyst at RedHunt Labs, and is a part-time Bug Hunter. Harsh operates a "365 days learning challenge" that focuses on AppSec topics, and shares the processes on his twitter feed.
Steven Tseeley (mr_me)
Steven is an information security specialist who operates a blog where he shares some of his research, including how RCE against Microsoft Exchange Online servers was achieved.
Jobert is the co-founder of HackerOne. He tweets and speaks in conferences about security and his own experience as a hacker, he tends to share tools and tips on his twitter profile.
Grzegorz is a pentester and Youtube content creator, during the last year he created and operated the youtube channel "Bug bounty Reports Explained", where he thoroughly explains the most impactful Bug Bounty reports by breaking them down into small pieces with explanatory videos that are easy to understand.