APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Connect With Us :  

Why We Need “Developer-First” Application Security

I recently did a podcast with Security Weekly that highlights developer-first application security. A recent survey that we conducted shows that, despite increasing pressure for accelerated release cycles, developers actually are interested in..

Continue Reading >>

THE FORTHCOMING 2021 OWASP TOP TEN SHOWS THAT THREAT MODELING IS NO LONGER OPTIONAL

In 2003, two years after the organization was founded, the Open Web Application Security Project (OWASP) published the first OWASP Top Ten—an attempt to raise awareness about the biggest application security risks that organizations face.

Continue Reading >>

CONTRAST APPLICATION SECURITY PLATFORM CUTS VULNERABILITY ESCAPE RATE (VER) FROM 12 TO 1 IN A YEAR

Application Security Observability Report Shows Developers Write More Secure Code the More They Use the Contrast Platform

One way that organizations can speed their development cycles while improving the security of their applications is for..

Continue Reading >>

Contrast Challenges the AST Status Quo in the Gartner 2021 AST Magic Quadrant

Gartner released its latest Magic Quadrant for application security testing (AST)—naming Contrast Security as a “Challenger” for 2021. In just six short years, Contrast has grown to the top half of the MQ—challenging revenue from..

Continue Reading >>

SAST, DAST, and IAST: Why the difference matters

Quick Review Of Application Security Testing

When I attend social functions with friends, people often ask what I do. I'm never quite sure where to start. "I run a small tech company that helps Java applications run more securely" is probably..

Continue Reading >>

7 advantages of Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) works in fundamentally different ways than static or dynamic tools using instrumentation technology. IAST leverages information from inside the running application, including runtime requests, data..

Continue Reading >>

Jeff Williams, Contrast CTO: Security Predictions for 2018

Security Predictions for 2018

The world of software is changing quickly at all of our clients. As we look across tens of thousands of applications and a wealth of vulnerability and attack data, some clear trends emerge. We continue to believe..

Continue Reading >>

A Week of Web Application Hacks and Vulnerabilities

Wow, what a week! Our industry is rippling from all the news surrounding the latest Struts 2 vulnerability and the possibility that another Struts vulnerability was also responsible for the Equifax hack. 

Continue Reading >>

Thoughts on Modern Security Practices and Security Frameworks

How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program?

It's way past time for organizations to realize how ridiculous it is to..

Continue Reading >>

How Code Vulnerabilities Can Lead to Bad Accidents

Are you interested in the security of the open source libraries you're trusting with your business? If so, you may want to read this article, "How Code Vulnerabilities Can Lead to Bad Accidents" that was featured in Dark Reading. It discusses how..

Continue Reading >>

SUBSCRIBE TO THE BLOG