SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.


Why the difference between SAST, DAST, and IAST matters

Quick Review Of Application Security Testing

When I attend social functions with friends, people often ask what I do. I'm never quite sure where to start. "I run a small tech company that helps Java applications run more securely" is probably..


7 advantages of Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) uses instrumentation technology and works in fundamentally different ways than static or dynamic tools. IAST leverages information from inside the running application, including runtime requests, data..


Jeff Williams, Contrast CTO: Security Predictions for 2018

Security Predictions for 2018

The world of software is changing quickly at all of our clients. As we look across tens of thousands of applications and a wealth of vulnerability and attack data, some clear trends emerge. We continue to believe..


A Week of Web Application Hacks and Vulnerabilities

Wow, what a week! Our industry is rippling from all the news surrounding the latest Struts 2 vulnerability and the possibility that another Struts vulnerability was also responsible for the Equifax hack. 


Thoughts on Modern Security Practices and Security Frameworks

How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program?

It's way past time for organizations to realize how ridiculous it is to..


How Code Vulnerabilities Can Lead to Bad Accidents

Are you interested in the security of the open source libraries you're trusting with your business? If so, you may want to read this article, "How Code Vulnerabilities Can Lead to Bad Accidents" that was featured in Dark Reading. It discusses how..


A CTO's Response to Trump's Cybersecurity Executive Order

In principle, holding each agency head accountable for his or her agency’s cybersecurity is logical. The problem with that is they were already accountable. When the OPM was breached, director Katherine Archuleta stepped down. And there were calls..


Improve Application Security by Turning it into Code

Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong.


Adding "A7: Insufficient Attack Protection" to the OWASP Top 10

We know there are some very strong feelings about both the recent Top Ten Release Candidate and my involvement in the project. Steve Ragan does a nice job summarizing the issue in CSO: "Contrast Security Responds to OWASP Top 10 Controversy."  While..


We are Seeing Ongoing Struts 2 Attacks

If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2 vulnerability (CVE-2017-5638). These attacks started within hours of the vulnerability being released, and we continue to see..

