Keeping up with trends and breakthroughs in such an ever-changing field as Application Security (AppSec) is not simple. Whether you’re an enthusiast, a beginner or working in the field, there’s always something new to be learned.
Twitter is one of our favorite platforms to keep up with industry influencers. It provides us with a quick way to keep up with trending news, but also with straight-to-the-point opinions from these leading experts.
If you’re looking to keep up with developments in AppSec, here are some must-follow accounts (plus some featured tweets):
1 — Mikko Hypponen
Nearing 200,000 subscribers, Mikko (@mikko) has an accomplished career both as a researcher and a writer on online security. This Finn may label himself as a “Supervillain”, but he has long been an advocate of spreading knowledge on security issues.
2 — Troy Hunt
Even if you don't know who Troy (@troyhunt) is, you've likely heard of his creation Have I Been Pwned?. Author on Pluralsight and Microsoft Regional Director, Troy's Twitter is an excellent source of information for best security practices, concerns, and trends.
I've wanted to do this post for ages & it's finally done - "Here's Why Your Static Website Needs HTTPS". It's a 24 min video showing a bunch of nasty stuff that can happen to any site served insecurely from crypto miners to credential phishing to Clippy: https://t.co/6FfQV7X7bc — Troy Hunt (@troyhunt) July 12, 2018
3 — Dan Goodin
You have probably already heard of Dan (@dangoodin001), a seasoned journalist who has ventured into exploring white, grey, and black-hat exploits. You can find him writing on Ars Technica, and his Twitter is always a good source of information on recent scams, leaks, and outbreaks of malicious code.
4 — Parisa Tabriz
Parisa (@laparisa) is pretty straightforward on what she does — she's an absolute Browser Boss. Featured on Forbes' 2012 "Top 30 People Under 30 To Watch in Tech", Parisa works at Google as Chrome's security "princess". You'll find her tweeting on browser security.
5 — Pedro Fortuna
Jscrambler’s own Pedro Fortuna (@pedrofortuna) is no stranger to the main AppSec stages. Author of several application security patents, he is a seasoned speaker with several talks at OWASP events, BSides conferences, and DEF CON. You’ll find him tweeting on Application Security, Reverse Engineering, Malware, and Software Engineering.
6 — Katie Moussouris
Always extremely active on Twitter, Katie (@k8em0) has earned quite a following. She's a passionate advocate for responsible security research, so you'll often see her discussing emerging threats and giving shout-outs to other researchers.
7 — Scott Helme
Scott Helme (@Scott_Helme) has long been making HTTPS his mission. Working as a security researcher for quite some time, he has become a featured speaker and influencer for online security. If there's an account you should follow to keep up with encryption and SSL, this is it.
The Canadian Government are going to require all of their public sites have HTTPS and HSTS! This is a great step forwards and will hopefully set a good example for other governments and sites around the world. 🔒 https://t.co/Q9lGMtR8SU — Scott Helme (@Scott_Helme) June 28, 2018
8 — Graham Cluley
We have closely followed Graham (@gcluley) on Twitter for quite some time. The UK-based independent security analyst has been in the cybersecurity space since the 1990s. Besides his tweets on current security events, he also co-hosts an unconventional security podcast.
9 — Brian Krebs
New York Times bestselling author Brian Krebs (@briankrebs) is best known for his in-depth investigative journalism on cybercrime. He seems to always be on top of security breaches, and his own blog hosts several tips for companies and developers.
10 — Mario Heiderich
Mario (@0x6D6172696F) has been a keynote speaker at AppSec Europe and keeps his tweets mostly on app security exploits. He currently does research on security, in projects such as HTML5 Security Cheatsheet, DOMPurify, and HTTPLeaks.
That's it, I am not gonna open any JSON file anymore!
Background: HTML injection into hover help in Eclipse's JSON editor, running AppleWebKit/605.1 on file:/// like it's 2001 pic.twitter.com/l2I8V7V9lt — .mario📎 (@0x6D6172696F) March 9, 2018
11 — Michele Spagnuolo
Michele (@mikispag) was the youngest Offensive Security Certified Professional (OSCP) at the time (2007) and is now working at Google. You’ll find him tweeting a lot about CSP, Rosetta Flash, and BitIodine.
12 — Ashar Javed
A guest speaker at multiple security conferences and #1 on Microsoft's Security Response Center Top 100 Security Researchers, Ashar (@soaj1664ashar) keeps his Twitter audience engaged with content on XSS, security compliance, and proper security practices.
Twitter can be overwhelming. Everyone seems to have a statement to make and finding the right people to follow can be quite the challenge.
If you're looking to upgrade your Twitter feed, this is a great place to start!