Liran Tal

👋 Hi there, I'm Liran Tal

Known for his open source and JavaScript security initiatives, Liran Tal is an award-winning software developer, security researcher, and open source champion in the JavaScript community. He's an internationally recognized GitHub Star, acknowledged for his open source advocacy, and has received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. His contributions to developer security education include leading OWASP projects, building supply chain security tools, participation in CNCF and OpenSSF initiatives, and authoring books such as O'Reilly's Serverless Security. He leads the developer advocacy team at and is on a mission to empower developers with better application security skills.

Friends share feedback

Testimonials from social media

  • Luciano Mammino
    Author of Node.js Design Patterns

    FANTASTIC WORKSHOP! Learned a ton! Thanks a lot 🙏

  • Caleb Queern
    DevSecOps at KPMG Cyber Security

    👀 Wow what great work from @HTTPArchive on the 2022 Web Almanac's Security chapter! Nice job @_clarkio, @liran_tal, @Saptak013 Lots of detailed analysis of progress and opportunities to better secure the web

  • Jim Manico
    OWASP Leader

    What an honor. Thank you Liran. Some people talk about AppSec (me) and some people really dig in and do the work (you). I’m a big fan. 🤙🏻

  • Rob Whittaker
    Director of Software Development

    This is an excellent little article by @liran_tal on installing Ruby on macOS for local development. There are plenty of options available to you. (I prefer `asdf`.) The most important thing is not to use the system Ruby.

  • Jose Aguinaga
    Head of Engineering at @hoprnet

    This is one of the best guides I've seen on this topic, really cool stuff. Definitely going to take a look at @snyksec's @github action to add it in our @hoprnet project.

  • Dev Sharma
    Software Developer

    This has become my primary source for learning docker with node. Thanks for sharing these

  • Fernando Carrascosa
    Tech Lead

    After being in a workshop by @liran_tal and realizing that RegExps can be exploited fairly easily, I decided to use a validation library. I even contributed to the @DefinitelyTyped definition of it :D

  • Jan Demel
    Software Developer

    Just watched @liran_tal's talk about path traversal vulnerability @NodeConfEU. It was absolutely amazing! I was always into security issues and learning things from such an expert was an honor!

From the blog