Roman @securecodeninja
a web builder & defender 🕷️ proud to be pinoy 🇵🇭 appsec quarterback 🛡️ romancanlas.com San Diego, CA Joined September 2018
Tweets 432 | Followers 123 | Following 752 | Likes 3K
We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features: - /security-review slash command for ad-hoc security reviews - GitHub Actions integration for automatic reviews on every PR
Wasting time fuzzing hardened code without hitting new vulnerabilities. Legacy black-box fuzzers stall at validation checks, missing deeper bugs. In Chapter 8 of my new book From Day Zero to Zero Day, you'll explore the advanced techniques behind coverage-guided fuzzing using…
McDonald's uses an AI bot called "Olivia" for hiring. A pair of hackers found they could access every conversation job applicants had with it—including all the personal info they shared—by exploiting security flaws as basic as using the password "123456". wired.com/story/mcdonald…
Oktajacking - Using Okta to keylog for initial access or as a sneaky form of SAMLjacking for lateral movement from a compromised SaaS app. Massive shoutout to @_xpn_ as I used his great research for this, I just applied it to different kill chain phases. pushsecurity.com/blog/oktajacki…
👔 Security Architect & Principal Security Engineer Interview Questions A consolidated list of questions pulled from Glassdoor From: Netflix, Morgan Stanley, Wiz, & more * Technical * Behavioral and Influential * Frameworks/Design/Threat Modeling github.com/tadwhitaker/Se…
Just because you're using Okta, doesn't mean you're using SSO. I wrote a blog post covering: • What is SWA and what are the risks? • Extracting SWA passwords • Bypassing password reveal restrictions • Detection and response for Okta account breaches pushsecurity.com/blog/okta-swa/…
🛠️ Building a free Burp Collaborator with Cloudflare Workers How to use Cloudflare Workers to receive out-of-band connections during your web app testing (e.g. track when blind XSS triggers) and pipe the results to Discord blog.gbrls.space/blog/building-…
After the success of our security research, we decided to invest a $120k bounty and share our story and tools with you. Now, we are releasing an Automated Scans feature on VIDOC, allowing you to easily automate your #bugbounty hunting on a large scale! blog.vidocsecurity.com/blog/2022-summ…
😈 The Offensive ML Playbook A database of offensive ML TTPs covering: * Supply chain attacks * Offensive ML techniques * Adversarial ML Examples: * Poisoning an LLM’s ground truths * How to put malware in a model and distribute it By @WHITEHACKSEC wiki.offsecml.com/Welcome+to+the…
Just discovered a full account takeover on Grammarly.com, Vidio.com and more using a new OAuth attack technique. This is the last part of the OAuth trilogy; in total, we could take over 1+ BILLION accounts! salt.security/blog/oh-auth-a… #OAuth #hacking
What are HAR files? A HAR file is a recording of your current session & includes all web traffic including secrets & tokens. Admins usually share these files with customer support when troubleshooting issues. Here's a thread on how you can handle .har files safely. 🧵⬇️
🎓 Free Cybersecurity Course from Harvard An introduction to #cybersecurity for technical and non-technical audiences Self-paced, 2-6 hours/week over 5 weeks edx.org/learn/cybersec…
Chalk is now officially open source. Total visibility of your software engineering lifecycle. Designed for platform and security teams. eu1.hubs.ly/H05xD2d0
Now Generally Available: GitHub Advanced Security for Azure DevOps is ready for you to use devblogs.microsoft.com/devops/now-gen…
🗒️ Source Code Management Platform Configuration Best Practices Guide by @openssf for securing SCM platforms * Harden CI/CD pipelines against supply chain attacks * Branch protection policies and access controls/permissions * Server-level policies best.openssf.org/SCM-BestPracti…
🤖 promptfoo A tool for testing your prompts. Evaluate and compare LLM outputs, catch regressions, and improve prompt quality. github.com/promptfoo/prom…
Just stumbled upon some pretty dope talks by @naugtur ❤️ 📜 "Eval all the strings! Hardened JavaScript" youtube.com/watch?v=Qjeh7Q… and his free workshop he did @defcon on: 📜 "Defensive coding and hardened JavaScript" naugtur.pl/pres3/lava/wor… github.com/naugtur/js-tra…
🧠 Web AppSec Interview Questions A tough set of questions by @0xTib3rius covering: * XSS * CSRF * SQL injection * Web cache deception and poisoning * Session fixation * HTTP request smuggling * DOM clobbering * HTTP parameter pollution + much more tib3rius.com/interview-ques…
🌐 Wapalyzer A community fork of the deleted Wappalyzer project Can detect & identify the technologies used to build any website Supports patterns, regular expressions and coding fingerprints By @Lissy_Sykes #bugbountytips github.com/Lissy93/wapaly…

Saqer Saqer Jubori @SaqerJubor11951
0 Followers 66 Following
Dan Sorensen @CISO_Dan
1K Followers 6K Following Chief Information Security Officer | Cybersecurity Engineer | GenAI & Leadership Public Speaker | Forbes Tech Council Member | Thought Leader, Visionary, Author
Leda Boehm @BoehmLeda34695
30 Followers 2K Following
Daniel @Daniel606623776
7 Followers 307 Following
Anna @koelpin29014
5 Followers 172 Following
DawnBruce @4UxJ3Qp836xh21
94 Followers 7K Following
Slawrawc @Slawrawchex
45 Followers 4K Following
Shijayth @shijayth85625
32 Followers 1K Following I live alone now and enjoy business, traveling, shopping, food and music. I have a calm personality and I hope we can be friends.
Cheryl @jacobscheryl11
241 Followers 3K Following
Marianne @marianne_butche
290 Followers 3K Following
HCLSoftware @HCLSoftware
39K Followers 16K Following We develop, market, sell, and support software for AI and Automation, Data, Analytics and Insights, Digital Transformation, and Enterprise Security.
Ismael Valenzuela @aboutsecurity
19K Followers 9K Following VP Labs, Threat Research & Intel @AWNetworks ▪️ Ex @Foundstone @Intel @McAfee @BlackBerry▪️ SANS Author & Senior Instructor #GSE 132 ▪️ #SEC530 #ThinkRedActBlue
Ray [REDACTED] @RayRedacted
67K Followers 8K Following Hacker, Researcher, Podcast Producer (Tribe of Hackers, Darknet Diaries). Proud dad of the fastest climber in the world. Ever. “Ut scandis, alios subleva”
T1nt1n @t1nt1nsn0wy
699 Followers 4K Following Noobie H4CK3R and researcher at @qualys. Prev @pwc. Views are my own :)
Dray | Offensive AppS... @driccosec
255 Followers 1K Following 🛡️ | SecOps Specialist & API Security Pro | OSCP Certified 🧾 | Web & Mobile App Pentester 🌐📱 | DM me to Test & Secure your Digital Assets 👇
Joe Ingeno @JoeIngeno
53K Followers 13K Following Software Architect | Developer | Author of Software Architect's Handbook https://t.co/fZ7mamCNLD
Megan Anderson @megancodeshere
34 Followers 349 Following I'm a software developer, tap-tap-tapping. Semi-professional account for code-sharing #100daysofcode, networking (blech), and related shenanigans.
Purplemet @purplemet
2K Followers 1K Following Purplemet is a non-intrusive (SaaS) solution for analyzing and monitoring the security of web applications. It gives you in a few seconds the level of security.
Shawn Lee @shawn25250
1 Followers 12 Following
Martin Lhotsky @JakinCz
53 Followers 2K Following
gogo @YUKAILIN15
9 Followers 65 Following
Seald | End-to-end en... @SealdPrivacy
2K Followers 3K Following Build secure-by-design applications with the highest security standard: end-to-end encryption. See https://t.co/zuG6aAG4Vj 🛡 #E2EE #zeroTrust #securityByDesign
Robert Beltran @rbeltran
992 Followers 772 Following #ProdSec/#AppSec Engineering Manager keeping you safe from insecure code
hun7er @arunagarwal13
20 Followers 329 Following
Nick Baker @nbaker_
94 Followers 285 Following Security Operations Lead @TechnologyOne / Technical Director @TheGameCrater. I love building and breaking code
scwang @scwang820
18 Followers 1K Following
Ben Kliger @benkliger
153 Followers 163 Following Co-Founder & CEO at @zenitysec | Proud babygirl dad | cyber security enthusiast | Glory glory man united
Heather V @Storyteller_HV
425 Followers 292 Following computational demonologist, professional chaos squirrel, level 25 netrunner (she/her) Views mine, not my corpo's @[email protected]
magicwj @magicwj
16 Followers 345 Following
Kaavs @Kaavs
2K Followers 2K Following An IT Cybersecurity Project Manager, author, artist, creator of Ideas, h4ck3r.
Redpoint Security @redpointsec
89 Followers 46 Following Code Security. By Coders. Dynamic Assessments, Code Reviews, DevSecOps Training & Consulting, also Surveyor™ - Application Behavior Analysis tool
Silent Breach @SilentBreach
5K Followers 4K Following Silent Breach specializes in network security and digital asset protection.
Anibal @anibalvera
215 Followers 1K Following Information security evangelist, promoter of knowledge and free software, speaker, Computer Science UCV, father and husband of a Queen.
Rubismar @Rubismar11
2 Followers 29 Following
Phillip Patrick @secure_the_code
564 Followers 586 Following Enhance your Soft Skills first & foremost. Focused primarily on code security and security architecture. Certifications: AWS, CISSP, CEH, SANS GWAPT, Security+
Ashish Desai @developerhughes
140 Followers 3K Following
Muhammad Habib Jawady @jawady_habib
24 Followers 236 Following Infosec hobbyist studying networking and telecommunications @ ISETCOM Intern at some infosec company
abhijith @abhijithboppe
7 Followers 51 Following #infsec #pentest #python | web application penetration testing | network penetration testing | IoT penetration testing | python developer
Whimmery🕊️ @Whimmery
2K Followers 1K Following InfoSec, Animation, Christian https://t.co/WqootEdPxc https://t.co/te9TAyK6tg
Thinkst Canary @ThinkstCanary
13K Followers 10K Following Most companies only realise they are breached when informed by a 3rd party. This is a stupid problem! Thinkst Canary. Know. When it Matters.
Dustin Cox @dustinbcox
35 Followers 2K Following
Claude @claudeai
109K Followers 1 Following Claude is an AI assistant built by @anthropicai to be safe, accurate, and secure. Talk to Claude on https://t.co/ZhTwG8dz3D or download the app.
Jonathan Leitschuh - ... @JLLeitschuh
4K Followers 616 Following Inaugural Dan Kaminsky Fellow | Security Researcher for the OSS Ecosystem | Speaker | Dropper of 0days (Responsibly) | @GitHub Star ⭐️ | Opinions=Mine | He/Him
Andy Zou @andyzou_jiaming
4K Followers 67 Following PhD student at CMU, working on AI Safety and Security
Arin Goldsmith @ArinGoldsmith
18K Followers 1K Following Blizzard Employer Brand Lead 🎮 Opinions are my own. I write about careers and games. Not a recruiter.
Ian Carroll @iangcarroll
16K Followers 1K Following Founder at @SeatsAero. Travel/points, application security, security research, etc. https://t.co/q0VuCP7rXz
Zero Day Engineering @zerodaytraining
8K Followers 1 Following State-of-the-Art Exploit R&D • @alisaesage
ProjectDiscovery @pdiscoveryio
37K Followers 125 Following Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
XSS Payloads @XssPayloads
52K Followers 0 Following
Microsoft BlueHat @MSFTBlueHat
5K Followers 203 Following BlueHat is where the security research community and @Microsoft security pros come together as peers, to connect, share and learn. Run by @MSFTSecResponse
Clown World ™ 🤡 @ClownWorld_
3.1M Followers 991 Following ClownWorld™ 🤡🌎 The freakshow is real. We just hit upload. DM for credit ✉️ | removal ❌ | business inquiries 👨💼💼
Deep Web Konek @deepwebkonek
4K Followers 227 Following Philippine based cybersecurity advocacy group specializing in monitoring and addressing threats from the deep web and dark web.
USENIX Association @usenix
14K Followers 835 Following Champions open access. Organizes vendor-neutral conferences in systems computing. Fosters collaborative & respectful communities of researchers & practitioners.
🄲🅈🄱🄴🅁 ... @Cyber_Asia_
4K Followers 62 Following Follow us for the latest #cybersecurity news in Asia.
sakura @eternalsakura13
8K Followers 190 Following Lead Security Researcher @zellic_io. 2022-2024 Top 3 Chrome VRP. 2023 Top 2 Facebook Whitehat. 2025 MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con speaker.
Gary Striewski @garystriewski
30K Followers 729 Following Stay weird. ESPN. Sportscenter. SC+. Ruined the 2023 Nathan’s Famous Hot Dog Eating contest 🇺🇸
Nuclei by ProjectDisc... @pdnuclei
36K Followers 184 Following Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.
nyxgeek @nyxgeek
7K Followers 3K Following rebel scum, nerfherder, dogged and relentless. H/P/V/A/C Directory - https://t.co/qn0D9H7IIi
Hollie Hennessy @HollieHennessy
5K Followers 737 Following Lead Analyst covering IoT and OT Cybersecurity. London. Foodie. Classicist. Views are my own.
✨🇵🇭👩🏻... @_contextually
242 Followers 751 Following 📍LAS | OAK | HNL | actually from the Beast Coast ; she/her/they #CloudSecurity #Cybersecurity #WomenInTech #AWS #DEI
Miriam Wiesner @MiriamXyra
4K Followers 764 Following Security Research PM at @Microsoft, Passionate about #hacking, #security and #powershell, tweets are my own | @[email protected]
HaxRob @haxrob
15K Followers 452 Following I enjoy breaking things. Telco / mobile and IoT security. Surfing the information super highway one keystroke at a time.
Johann Rehberger @wunderwuzzi23
7K Followers 597 Following Hacking neural networks so that we don’t get stuck in the matrix. Builder and Breaker. Opinions are my own. https://t.co/ij8buvMaXg
R M ⚡🇺🇦 @kingthorin_rm
2K Followers 451 Following IT Sec guy, @zaproxy co-lead, @owasp_wstg co-lead, VWAD co-lead, @owasp_ottawa volunteer, Hac≺3r, supporter of oxford commas, #INTJ. (Opinions == mine) 🍁
Simon Bennetts ⚡... @psiinon
7K Followers 632 Following ZAP (@zaproxy) by @Checkmarx lead, #Mozillian Mastodon: @[email protected]
CVE @CVEnew
56K Followers 3 Following Official account maintained by the CVE™ Program to notify the community of new CVE IDs. Posts contain abbreviated details. Full CVE Records on https://t.co/ALn4YvUtom
SΞCURΞUM @TheSecureum
13K Followers 1 Following Secureum = Security + Ethereum Founder: @0xRajeev Discord: https://t.co/m9fMLfXhEU
Skytalks @dcskytalks
7K Followers 146 Following A ‘sub-conference’ that gives a unique platform for researchers to share their research, for angry hackers to rant about issues in the industry off-the-record
Nightbane / Matt Keel... @Nightbanes
3K Followers 179 Following We are not in the age of zero-days anymore. We are in the age of zero hours.
Mudge @dotMudge
63K Followers 337 Following Make a dent in the universe. Find something that needs improvement: go there and fix things. If not you, then who? {he/they}
Dr. Nicole LePera @Theholisticpsyc
1.0M Followers 322 Following Join my private healing community @selfhealerscirc 👇🏼
InfoSec Community @InfoSecComm
52K Followers 636 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Playwright @playwrightweb
16K Followers 5 Following Playwright is an automation library for cross-browser end-to-end testing by @Microsoft. Available in JavaScript, TypeScript, Python, Java and .NET.
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Geekboy @emgeekboy
25K Followers 452 Following Hacker, Co-Founder @pdiscoveryio, Ex-Security Analyst / BugBounty @Hacker0x01