Web security
A list of folks passionate about web security and related topics I follow to stay on top of cool web bugs, web platform security features and fixes. I'm still growing this list; if you regularly post about web security topics or know someone else who does, reach out.
Created by
@webappsec.dev
@empijei.bsky.social
Security Toolsmith. Posts mostly about Go, banter, web development, security and cooking. https://empijei.science
@christian-folini.ch
Web application security guy with a passion for OWASP's open source WAF projects and National Cyber Strategy. Maintains "Swiss Cyber Security" starter pack and cherishes his small collection of medieval helmets.
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com 🌟 @GitHub Star 🏅 @OpenJS Pathfinder award for Security 🥑 DevRel at @snyksec
@fortuna.bsky.social
Co-Founder & CTO @Jscrambler Speaker at #JavaScript and #AppSec events #OWASP Porto Chapter Leader
@jasvir.bsky.social
Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
@mohansrk.bsky.social
Founder @ElectrovoltSec Browser and Web Security @cure53berlin, Blockchain Security @osec_io, Rambling on http://mohansrkp.substack.com
@sirdarckcat.bsky.social
@tomnomnom.com
Open-source tool maker/hacker. Author of gron, anew, and a dozen dinky security tools. He/him. Tools: http://github.com/tomnomnom @TomNomNom on the other site
@jub0bs.com
infosec enthusiast • Go dev & trainer • minimalist • atheist • chaotic good • trying to make sense of the Web • he/him Blog: https://jub0bs.com Free Go (golang) course: https://github.com/jub0bs/go-course-beginner Free 🇵🇸! Leave 🇱🇧 alone!
@lcamtuf.coredump.cx
Substack: http://lcamtuf.substack.com/archive Homepage: http://lcamtuf.coredump.cx
@april.social
Staff Security Engineer at some random tech company, previously Mozilla, Dropbox, and (pre-Elon) Twitter. Has read @kateconger.bsky.social’s autobiography. web @ grayduck.mn // also github.com/april
@miki.it
💼: Staff Information Security Engineer at Google. 🛠️: Rosetta Flash, BitIodine. 💛: web security, ⟠, ₿, finance. Data is the most dangerous form of opinion.
@feross.bsky.social
🧙‍♂️ Mad scientist • ✨ Founder + CEO @Socket.dev (http://socket.dev) • 🌲 Stanford lecturer (http://cs253.stanford.edu) • ❤️ Open source at WebTorrent + StandardJS
@righettod.eu
👨‍💻 AppSec enthusiast | 🐶 Addicted to Shetland Sheepdogs | 🌏 Open Source/AppSec/OWASP junkie | 🐝 OWASP Secure Headers Project Leader. 🚩 Opinions mentioned are mine.
@mccune.org.uk
Security geek, Containers, Kubernetes, Golang/Ruby, hillwalking Home Page :- https://www.mccune.org.uk Blog:- https://raesene.github.io
@agarri.fr
Web hacker 😈 Burp Suite Pro trainer 👨‍🏫 Maintainer of @mastering-burp.agarri.fr 🛠️
@minimalblue.bsky.social
Senior Scientist @TU Wien / Web & Mobile Security / #drumandbass DJ 🚩 with @mhackeroni.bsky.social We_0wn_Y0u kukhofhackerei Team Austria 🔗 https://minimalblue.com/
@harisec.bsky.social
Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp
@garethheyes.co.uk
javascript:/*--></title></style></textarea></script></xmp><svg/onload='-/"/-/onmouseover=1/-/[*/[]/-alert(1)//'> https://garethheyes.co.uk/#latestBook
@jameskettle.com
Director of Research at @portswigger.net Also known as albinowax Portfolio: https://jameskettle.com/
@shehackspurple.bsky.social
Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. Secure Code Trainer - Nerd @Semgrep #AppSec she/her https://shehackspurple.ca 🌻
@irsdl.bsky.social
Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, X: @irsdl https://secproject.com/ https://soroush.me/ https://burpsuite.ninja/
@dcuthbert.bsky.social
Ageing hacker. Black Hat Review board. Now sitting on numerous government cyber security boards so I guess that means I’ve grown up right?
@seanwrightsec.com
Principal Application Security Engineer focused on all things #AppSec. Occasionally dabble in my own research. Also keen gamer and aspiring photographer.
@webtonull.bsky.social
Security researcher at Crosspoint Labs. AppSec. Tweets are my own and do not express the opinion of my employer. OWASP. retire.js
@spazef0rze.bsky.social
In your web, securing your app. Hacker, webdev, speaker, engineer. Security shoptet.cz, ex-report-uri.com, ex-teenager. HTTPS = How To Transfer Private Sh💩. Also https://infosec.exchange/@spazef0rze
@philippederyck.bsky.social
I help developers protect companies through better web security
@benstock.bsky.social
Tenured Faculty @c-i-s-p-a.bsky.social Helmholtz Center for Information Security
@terjanq.me
security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine. From: https://twitter.com/terjanq
@agektmr.com
Google Chrome DevRel Identity Tech Lead - Anything about browser identity features: passwords, OTPs, passkeys, identity federation, digital credentials, etc
@estark.bsky.social
Encryption, HTTPS, certificates, web security, security UX, software engineering and management, TMI about parenting. Opinions are my own.
@apf.bsky.social
I like writing silly skeets, but that doesn't pay so I also make Google Chrome. mamá, Eng Director, volunteer at Second Harvest. 🇺🇲🇨🇷 Twitter: @__apf__
@webappsec.dev
Leading Google's web security team. Passionate about web security and making secure-by-default web development the norm. Contributed to web platform security features like CSP, Fetch Metadata, COOP and Trusted Types.