Whether you’re a newbie or an old-timer in the world of application security, Twitter is a great place to listen in and connect with some of the best and brightest in the industry. To help, we’ve compiled a list of some of our favorite tweeters to add to your own Twitter feed.
The list is a cross-section of people in Information Security and Application Security in specific – people whose Tweets we read daily. It’s in no way exhaustive, so please feel free to comment below with people we should add!
Many of these tweeters also maintain personal blogs revolving around application security, and we’ve included them in this post, as well. Build your blogroll along with who you follow on Twitter for double the industry insight!
Bonus: Follow the whole list on our Twitter list!
Troy Hunt @TroyHunt
Troy is a Sydney-based software architect, web security specialist and Microsoft MVP 4 years running. He recently launched a site that allows anyone to check if their email or username has been compromised in major breaches, such as last month’s major Gmail breach. Aptly named haveibeenpwned.com, it’s worth a bookmark for future reference.
Follow Troy for insight into his research, updates for his site, and other security news. You can read more about his musings into the world of software development and web security at his blog.
Dan Cornell @danielcornell
With over twelve years of experience in developing and architecting secure software for the web, Dan’s got a breadth of knowledge to share with his followers. Follow Dan for great advice about security awareness and excellent AppSec research coming from The Denim Group.
Wendy Nather @wendynather
Wendy is a current Research Director of Enterprise Security at 451 Research and a former CISO, and as such has lots of insights to share from her experiences. She was also named a Power Player this year by SC Magazine, so if you’re not following her, now’s the time!
Wendy intersperses serious security tweets with hilarious ones, making for an amazing timeline to peruse. Keep up with Wendy’s blog here.
Mark Dowd @Mdowd
An application security researcher and security company founder, Mark has found and disclosed significant vulnerabilities in Microsoft Exchange, Internet Explorer, Mozilla Firefox, and OpenSSH, to name a few. He also co-wrote ‘The Art of Software Security Assessment.’ Follow Mark for reliable security advice and news, mostly about Application Security.
Aloria is a security engineer, adjunct InfoSec professor and creator/curator of the hilarious @sec_reactions, which you should also follow. Her twitter account reflects all that, mixed in with witty tweets about security and life in general.
You can also keep up with Aloria on her blog.
Avram Marius @securityshell
A security engineer, consultant and ethical hacker, Avram has a passion for InfoSec and application security in specific. He’s found and disclosed significant vulnerabilities that have earned him credit from Google, Facebook, Twitter and many others. Follow Avram for security news and blog posts, security tool updates, and helpful tips.
Read Avram’s personal blog here.
Dan Goodin @dangoodin001
Ars Technica has an excellent security section on their site, and that’s thanks in great part to Dan’s reporting and articles. He’s been moving around the security journalism scene for going on a decade now and knows how to write his way around a variety of security topics.
He’s on paternity leave from Ars Technica until November so he won’t post new articles until then, but he’s still active on Twitter, and worth the follow.
Follow Dan’s posts on Ars Technica here.
Parisa Tabriz @laparisa
Parisa was a “hired hacker” when she joined Google’s security team seven years ago, and today manages the Google Chrome security engineering team.
Follow Parisa for info on what her team at Google is up to, other security-related info and articles. There’s also a decent mix of funny, non-security related tweets, as well.
Robin Wood @DigiNinja
Robin Wood is a security auditor specializing in web apps and Wi-Fi. Follow Robin for witty security musings, interesting research and the occasional funny (non-security related) video or comment.
Keep up with Robin on his personal blog.
Michael Zalewski @lcamtuf
Michael is on the Google Security Team, has been in the industry for going on 20 years, and if you’ve been following the news lately, you know he knows what he’s talking about. With the recent Shellshock drama, Michael discovered two further, unaddressed issues in the Bash function parser, one being the near-equivalent of the original Bash bug. Michael was a prolific Bugtraq submitter in its early days, and that passion has clearly stuck around – you’ll find it in both his Tweets and blog posts, which you can find here.
Graham Cluley @GCluley
The British security blogger got his start in the early 90s, leaving his senior technology consultant and writer position at Sophos last year to go solo on his own blog: grahamcluley.com. With new articles daily, you can count on Graham to cover the most popular security topics and news. Follow Graham, and you’ll never miss the hottest news in the industry.
Mohit Kumar @unix_root
Mohit, a security researcher and journalist, is the editor-in-chief of The Hacker News, which he founded in 2010. He retweets posts from The Hacker News, as well as articles and research about a variety of different security-related topics, including AppSec.
Follow Mohit for up-to-the-minute news and tips on staying secure.
Malik Mesellem @MME_IT
We’ve been lucky enough to interview Malik, a pen-tester and ethical hacker who also offers security training and education. To help teach AppSec newbies, developers and students, Malik created bWAPP, a Buggy Web Application run in PHP using a MySQL database. Follow Malik on Twitter for bWAPP updates, retweets of well-done security talks, and Application Security tips.
Read the ITSEC blog here.
Ashar Javed @soaj1664ashar
Ashar’s a web app sec researcher whose claims to fame include discovering vulnerabilities for the likes of Google, Microsoft, Twitter, eBay and many more. He’s especially adept at hunting out XSS vulnerabilities.
Follow Ashar for a look into his world of XSS and other AppSec-related research. You can also catch him on the Garage4Hackers podcasts to hear more XSS-related discussion.
Michael Coates @_mwc
Michael is the Chairman of the Board at OWASP, a director of product security, and an ex-Mozilla Director of Security Assurance. Basically, Michael knows a lot about security and especially AppSec. Michael also founded AppSensor, an OWASP open-source project that detects and responds to attacks from within an application.
Follow Michael for OWASP news and initiatives, content about application security, and AppSensor updates.
Rich Mogull @rmogull
A security analyst and CEO at the company he founded, Securosis, and contributor to Dark Reading and TidBITS, Rich knows the ins and outs of security and can write about it – well. Follow Rich for a good mix of great security-related content and witty remarks.
Mark Goodwin @mr_goodwin
Mark works on application security for Mozilla and also spends his free time as the OWASP East Midlands, UK chapter co-leader. Mark’s Twitter account offers lots of brilliant AppSec content and guidance, both his own and from those he retweets, and he is a great person to have in your feed.
You can also follow his posts for the Mozilla blog here.
Pierluigi Paganini @SecurityAffairs
As a CISO, editor-in-chief of Cyber Defense Magazine and a member of ENISA, not to mention a certified Ethical Hacker, it’s safe to say Pierluigi is a well-rounded ‘security guy.’
Follow Pierluigi for industry news, security research, and his personal posts about security topics and keep up to date with Pierluigi’s blog here.
Maty Siman @Maty_Siman
This list couldn’t be complete without a little shameless self-promotion of one of the Checkmarx family – our CTO, Maty Siman. Tweeting a mix of AppSec news, talks and presentations, Maty is a newbie to the Twitter-verse but has a wealth of knowledge to share from his 20+ years in the field!
Who did we miss and who do you follow to stay up-to-date in AppSec? Let us know in the comments – we’ll happily add them to our Twitter list!