SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

Connect With Us :  

Jeff Williams, Contrast CTO: Security Predictions for 2018

Security Predictions for 2018

The world of software is changing quickly at all of our clients. As we look across tens of thousands of applications and a wealth of vulnerability and attack data, some clear trends emerge. We continue to believe..

Continue Reading >>

A Week of Web Application Hacks and Vulnerabilities

Wow, what a week! Our industry is rippling from all the news surrounding the latest Struts 2 vulnerability and the possibility that another Struts vulnerability was also responsible for the Equifax hack. 

Continue Reading >>

Thoughts on Modern Security Practices and Security Frameworks

How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program?

It's way past time for organizations to realize how ridiculous it is to..

Continue Reading >>

How Code Vulnerabilities Can Lead to Bad Accidents

Are you interested in the security of the open source libraries you're trusting with your business? If so, you may want to read this article, "How Code Vulnerabilities Can Lead to Bad Accidents" that was featured in Dark Reading. It discusses how..

Continue Reading >>

A CTO's Response to Trump's Cybersecurity Executive Order

In principle, holding each agency head accountable for his or her agency’s cybersecurity is logical. The problem with that is they were already accountable. When the OPM was breached, director Katherine Archuleta stepped down. And there were calls..

Continue Reading >>

Improve Application Security by Turning it into Code

Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong.

Continue Reading >>

The Importance of Adding "A7: Insufficient Attack Protection" to the OWASP Top 10

We know there are some very strong feelings about both the recent Top Ten Release Candidate and my involvement in the project. Steve Ragan does a nice job summarizing the issue in CSO: "Contrast Security Responds to OWASP Top 10 Controversy."  While..

Continue Reading >>

We are Seeing Ongoing Struts 2 Attacks

If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2 vulnerability (CVE-2017-5638). These attacks started within hours of the vulnerability being released, and we continue to see..

Continue Reading >>

Two New Vulnerabilities added to the OWASP Top 10

The Open Web Application Security Project (OWASP) just released an update to the ten most critical web application security risks.

Back in 2002 I wrote the first OWASP Top 10 list and it was published in 2003. My idea was that application security..

Continue Reading >>

US Needs a Federal CISO — A Response to the Appointment of a US Cybersecurity Coordinator

In response to the Trump administration announcement of the appointment of a White House cybersecurity coordinator. Contrast Security Co-founder and CTO, Jeff Williams, was ask to provide his thoughts in a recently published CSO article, "US Needs a..

Continue Reading >>

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook