Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Connect With Us :  

Two New Vulnerabilities added to the OWASP Top 10

The Open Web Application Security Project (OWASP) just released an update to the ten most critical web application security risks.

Back in 2002 I wrote the first OWASP Top 10 list and it was published in 2003. My idea was that application security..

Continue Reading >>

US Needs a Federal CISO — A Response to the Appointment of a US Cybersecurity Coordinator

In response to the Trump administration announcement of the appointment of a White House cybersecurity coordinator. Contrast Security Co-founder and CTO, Jeff Williams, was ask to provide his thoughts in a recently published CSO article, "US Needs a..

Continue Reading >>

Automating Application Security in Modern Software Projects

Today, it seems like every organization has become a software company.

The increasing dependence on automation demands that software survive and thrive despite an increasingly hostile environment.

Insecure code has become the leading security..

Continue Reading >>

Obama Orders Review of Election Hacking

BACKROUND - President Obama recently ordered a “deep dive” into the cyberattacks of this year’s election and he wants the report before he leaves office on January 20. This request comes as President-elect Trump has again dismissed the intelligence..

Continue Reading >>

Is There a 3rd Category of Application Security Tools Beyond Static & Dynamic?

Recently, Clark Coleman asked a very logical question about application security tools:

Can you explain the difference between DAST (Dynamic Application Security Testing) and IAST (Interactive Application Security Testing)? To a novice like me,..
Continue Reading >>

Application Security: Changes to Microsoft Patch Tuesday

Everyone should be patching like Microsoft.

You can argue with some of the tiny details about how Microsoft schedules patches, but the elephant in the room is that nobody has thought through continuous patching better or for longer than Microsoft.

Continue Reading >>

So, Now We Have a Federal CISO...

So, now we have a federal CISO, Brigadier General [Retired] Gregory J. Touhill, as part of the Office of Management and Budget (OMB.) But, what does that really mean?

Continue Reading >>

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..

Continue Reading >>

The 4 Dimensions of a sound Application Security Strategy

For many application security vendors, "coverage" is the third rail — but it's a critical part of your application security strategy... maybe the most critical.

If you're a CISO, appsec program manager, or anyone else charged with creating an..

Continue Reading >>

Can Openness in the US Government Lead to Better Application Security?

On Tuesday morning, ZDNet reported that U.S. government has published a new federal policy that aims to encourage more agencies to open-source custom code they’ve developed.

Continue Reading >>