Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

    A Week of Web Application Hacks and Vulnerabilities

    Wow, what a week! Our industry is rippling from all the news surrounding the latest Struts 2 vulnerability and the..

    Thoughts on Modern Security Practices and Security Frameworks

    How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others..

    How Code Vulnerabilities Can Lead to Bad Accidents

    Are you interested in the security of the open source libraries you're trusting with your business? If so, you may want..

    A CTO's Response to Trump's Cybersecurity Executive Order

    In principle, holding each agency head accountable for his or her agency’s cybersecurity is logical. The problem with..


    Improve Application Security by Turning it into Code

    Why is application security such a pain? One of the hard problems with application security is that there are a zillion..


    Adding "A7: Insufficient Attack Protection" to the OWASP Top 10

    We know there are some very strong feelings about both the recent Top Ten Release Candidate and my involvement in the..

    We are Seeing Ongoing Struts 2 Attacks

    If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2..

    Two New Vulnerabilities added to the OWASP Top 10

    The Open Web Application Security Project (OWASP) just released an update to the ten most critical web application..

    US Needs a Federal CISO — A Response to the Appointment of a US Cybersecurity Coordinator

    In response to the Trump administration announcement of the appointment of a White House cybersecurity coordinator...