
12 AppSec Experts You Should Follow on Twitter

August 21st, 2018 | By Jscrambler | 4 min read

Keeping up with trends and breakthroughs in such an ever-changing field as Application Security (AppSec) is not simple. Whether you’re an enthusiast, a beginner or working in the field, there’s always something new to be learned.

Twitter is one of our favorite platforms to keep up with industry influencers. It provides us with a quick way to keep up with trending news, but also with straight-to-the-point opinions from these leading experts.

If you’re looking to keep up with developments in AppSec, here are some must-follow accounts (plus some featured tweets):

1 — Mikko Hypponen

Nearing 200,000 subscribers, Mikko (@mikko) has an accomplished career both as a researcher and a writer on online security. This Finn may label himself as a “Supervillain”, but he has long been an advocate of spreading knowledge on security issues.

2 — Troy Hunt

Even if you don't know who Troy (@troyhunt) is, you've likely heard of his creation, Have I Been Pwned?. A Pluralsight author and Microsoft Regional Director, Troy runs a Twitter account that is an excellent source of information on security best practices, concerns, and trends.

3 — Dan Goodin

You have probably already heard of Dan (@dangoodin001), a seasoned journalist who has ventured into exploring white, grey, and black-hat exploits. You can find him writing on Ars Technica, and his Twitter is always a good source of information on recent scams, leaks, and outbreaks of malicious code.

4 — Parisa Tabriz

Parisa (@laparisa) is pretty straightforward on what she does — she's an absolute Browser Boss. Featured on Forbes' 2012 "Top 30 People Under 30 To Watch in Tech", Parisa works at Google as Chrome's security "princess". You'll find her tweeting on browser security.

5 — Pedro Fortuna

Jscrambler’s own Pedro Fortuna (@pedrofortuna) is no stranger to the main AppSec stages. Author of several application security patents, he is a seasoned speaker with several talks at OWASP events, BSides conferences, and DEF CON. You’ll find him tweeting on Application Security, Reverse Engineering, Malware, and Software Engineering.

6 — Katie Moussouris

Always extremely active on Twitter, Katie (@k8em0) has earned quite a following. She's a passionate advocate for responsible security research, so you'll often see her discussing emerging threats and giving shout-outs to other researchers.

7 — Scott Helme

Scott Helme (@Scott_Helme) has long been making HTTPS his mission. Working as a security researcher for quite some time, he has become a featured speaker and influencer for online security. If there's an account you should follow to keep up with encryption and SSL, this is it.

8 — Graham Cluley

We have been closely following Graham (@gcluley) on Twitter for quite some time. The UK-based independent security analyst has been in the cybersecurity space since the 1990s. Besides his tweets on current security events, he also co-hosts an unconventional security podcast.

9 — Brian Krebs

New York Times bestselling author Brian Krebs (@briankrebs) is best known for his in-depth investigative journalism on cybercrime. He always seems to be on top of security breaches, and his own blog hosts several tips for companies and developers.

10 — Mario Heiderich

Mario has been a keynote speaker at AppSec Europe and keeps his tweets mostly on app security exploits. He currently does research on security, in projects such as HTML5 Security Cheatsheet, DOMPurify, and HTTPLeaks.

Note: Mario recently deleted his Twitter account.

11 — Michele Spagnuolo

Michele (@mikispag) was the youngest Offensive Security Certified Professional (OSCP) at the time (2007) and is now working at Google. You’ll find him tweeting a lot about CSP, Rosetta Flash, and BitIodine.

12 — Ashar Javed

A guest speaker at multiple security conferences and #1 on Microsoft's Security Response Center Top 100 Security Researchers, Ashar (@soaj1664ashar) keeps his Twitter audience engaged with content on XSS, security compliance, and proper security practices.

Final Thoughts

Twitter can be overwhelming. Everyone seems to have a statement to make, and finding the right people to follow can be quite a challenge.

We at Jscrambler (@Jscrambler) actively follow and engage with influencers, and these 12 AppSec experts are always at the top of our list.

If you're looking to upgrade your Twitter feed, this is a great place to start!

Lastly, if you want to secure your JavaScript source code against theft and reverse-engineering, you can try Jscrambler for free.

