Do app sec like a boss: The top 25 pros to follow – Digitalmunition





Published on April 2nd, 2021


Attacks on the application layer can be the hardest to defend against. User input scenarios for your apps can be difficult to identify with intrusion detection signatures. On top of that, the layer is the most accessible and exposed to the Internet. It’s a recipe for trouble.

That’s why application security soldiers need to stay on top of what’s happening in their field. Here’s our updated list of 25 top pros whose Twitter feeds can help anyone who is interested in keeping their applications safe and their company more resilient.

Katy Anton
Lead security architect, JPMorgan Chase & [email protected]
Anton works with software architects, software developers, and security teams around the world and advises them about securing their software. She’s also one of the leaders on the OWASP Top Ten Proactive Controls Project and an international speaker on topics related to application security at both developer and security conferences.

Kurt Baumgartner
Principal security researcher, Kaspersky Lab’s Global Research and Analysis [email protected]_sec
Baumgartner monitors malware across the Americas. His specialties include reversing and analyzing known and unknown malware and identifying unique behaviors and static characteristics. In addition to tweeting, he blogs.

Michael Coates
Co-founder and CEO, Altitude [email protected]_mwc
In addition to his day job, Coates is an advisory board member of the Millennium Alliance, a networking and education group made up of industry leaders and visionaries. He is also the former head of security at Mozilla and Twitter, as well as a past chairman of the global board of directors at OWASP.

Josh Corman
Senior adviser and visiting researcher, the Cybersecurity and Infrastructure Security [email protected]
Corman co-founded I Am The Cavalry, a global grass-roots organization. It’s focused on the intersection of computer security, public safety, and human life, concentrating on medical devices, automobiles, home electronics, and public infrastructure.

Dan Cornell
CTO, the Denim [email protected]
Cornell is a globally recognized expert in application security. He leads the team at the Denim Group that helps Fortune 500 companies and government organizations integrate security throughout the development process. He offers his followers insightful advice and tips about the latest app sec research coming from his company.

Dino A. Dai Zovi
Head of security, Cash [email protected]
Dai Zovi co-founded Capsule 8, a real-time, zero-day attack detection platform, and co-wrote several books, including The iOS Hacker’s Handbook, The Mac Hacker’s Handbook, and The Art of Software Security Testing. He’s also a regular speaker at security conferences, including Black Hat and Defcon.

Mark Dowd
Director, L3 [email protected]
L3 Trenchant is owned by defense contractor L3 Technologies. Over Dowd’s 10 years in application security, he has worked at IBM’s Internet Security Systems (ISS) X-Force and as a principal security architect for McAfee.

Tom Eston
Application security practice director, Bishop [email protected]
Eston’s employer is a professional services firm focused on offensive security testing. Eston frequently speaks at user groups, businesses, and worldwide conferences including SANS, OWASP AppSec, ShmooCon, DEFCON, Black Hat USA, Black Hat Abu Dhabi, InfoSec World, Notacon, DerbyCon, and ISSA summits. He is also the founder and co-host of the Shared Security Show, a podcast that includes news, tips, advice, and interviews with cybersecurity and privacy experts.

Mark Goodwin
Application security specialist, [email protected]_goodwin
Formerly with Mozilla, Goodwin is a developer turned information security specialist. His specialties include web application security, ethical hacking, penetration testing, and application security.

Robert Graham
CEO, Errata [email protected]
Graham’s accomplishments include creating the first intrusion prevention system, the BlackICE series of products, sidejacking, and masscan. A frequent speaker at security conferences, he has strong opinions—he refers to himself as a “provocateur”—and his Twitter feed reflects that.

Jeremiah Grossman
CEO, Bit [email protected]
Grossman’s resume includes information security officer at Yahoo and founder, in 2001, of WhiteHat Security. As a researcher, he has demonstrated ways to surreptitiously turn on anyone’s computer video camera and microphone from anywhere across the Internet, and how to sidestep corporate firewalls, abuse online advertising networks to take any website offline, hijack the email and bank accounts of millions, and silently rip out saved passwords and surfing histories from any web browser.

Ben Hawkes
Team lead, Google’s Project [email protected]
Hawkes is a founding member of the team created to find zero-day vulnerabilities in software. He has discovered dozens of serious vulnerabilities in a variety of software platforms and regularly presents and publishes research focused on vulnerability analysis and software exploitation.

Tanya Janca
Founder, We Hack [email protected]
Janca is the author of Alice and Bob Learn Application Security. Her primary passion is We Hack Purple, an online learning academy, community, and weekly podcast that revolves around teaching everyone to create secure software. She has been coding and working in IT for more than 20 years and has delivered hundreds of talks and training sessions on six continents.

Ashar Javed
Pentester, Hyundai AutoEver [email protected]
In addition to penetration testing, Javed performs source code reviews and mobile application vulnerability assessments. He works with developers and third-party vendors to eliminate web vulnerabilities in their applications. He’s frequently invited to speak at conferences such as Black Hat, Hack in the Box, and RSA, and is the author of the Respect XSS blog.

Dan Kennedy
Research director, information security and networking, the 451 [email protected]
Kennedy offers coverage and insights about the application security space and spends most of his days talking to CISOs. His tweets focus on top-line application security issues.

Mohit Kumar
Founder and CEO, Hacker [email protected]_root
Kumar’s online publication attracts more than 10 million readers every month. He is also founder and organizer of the Hackers Conference, which brings together leaders in the information security industry and the cyber community, along with policymakers and government representatives, to address topical cybersecurity issues. Many of his tweets are touts for HN stories, but he also mixes in retweets about application security from other sources.

Malik Mesellem
CEO, [email protected]_IT
Mesellem is an independent security auditor, penetration tester, and ethical hacker, and has given master classes, lectures, and workshops at conferences and at several institutions. He’s also the creator of #bWAPP, an intentionally buggy open-source web application. It was designed to be insecure as an educational tool for security enthusiasts, developers, and students who want to learn about preventing web vulnerabilities.

Gary McGraw
Co-founder, the Berryville Institute of Machine [email protected]
McGraw has written 12 books, including Software Security: Building Security In. At Berryville, his focus is on security engineering of machine-learning solutions. His Silver Bullet Security podcast, which features in-depth interviews with security experts, reaches 13,000 listeners every month. When he’s not tweeting or podcasting about security, McGraw plays the fiddle and mandolin with local bands.

Katie Moussouris
Founder and CEO, Luta [email protected]
Moussouris’ company helps businesses and governments work with hackers to defend themselves from digital attacks. She’s a well-known authority on bug bounty programs and helped Microsoft and the US Department of Defense start their first programs. She is also founder of the Pay Equity Now Foundation, which seeks to inspire and support efforts to close the gender and racial pay gaps.

Chris Romeo
CEO and founder, Security [email protected]
Romeo’s firm provides application security training and helps companies create their own security cultures. He previously worked as chief security advocate in charge of Cisco’s Secure Development Lifecycle program, where he encouraged engineers to build security into all products. He is also co-host of the Application Security Podcast, which talks with some of the world’s leading application security experts to reveal the tools, tactics, projects, and tricks that make them successful.

Parisa Tabriz
Head of product engineering and UX, Google [email protected]
Tabriz is the “browser boss” and “security princess” for Chrome. During the Obama administration, she worked for the US Digital Service, where she advised the Executive Office of the President on best practices to enhance network and software security.

Johannes Ullrich
Director, the SANS Internet Storm [email protected]
The SANS Internet Storm Center is used by more than 10,000 network security professionals daily. Ullrich is also dean of research at the SANS Technology Institute and teaches courses at the SANS Institute. His offerings include SEC503 Intrusion Detection in Depth, IPv6 Security Essentials, and Defending Web Applications.

Mike West
Software engineer, Google [email protected]
West describes himself as a philosophy student cleverly disguised as a successful web developer. At the moment, he has traded Kant for his Google job on a team in Munich. Many of his tweets focus on web application security.

Robin Wood
Freelance security [email protected]
Wood specializes in web app testing. He comes from a developer’s background, which can be a plus when explaining security problems in apps to the people who made them. He’s also co-founder of the SteelCon conference and an associate lecturer at Sheffield Hallam University in the UK. He likes to mix a little whimsy into his Twitter feed.

Chris Wysopal
CTO and co-founder, [email protected]
A former programmer at Lotus and later a security researcher at the hacker collective L0pht, Wysopal was part of a team that warned Congress about gaping Internet vulnerabilities as far back as 1998. A self-professed application security and security-transparency buff, Wysopal’s tweets are newsy and cover a wide range of security-related topics.