SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

With Only a Hammer, Everything Looks Like a Security Vulnerability!

Did you know that most security vulnerabilities are simply the result of failing to use the right security control in the right place?

International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..

Hacked... Because of an Insecure Library

This morning, ZDNet’s Zack Whittaker reported a hacker has targeted the official forum for the mobile game Clash of Kings, stealing nearly 1.6 million accounts. According to the piece, the hacker exploited a known weakness in the forum’s..

The True Cost of "False Positives" in Application Security

Remember the story of the boy who cried wolf?  His pranks were "false alarms" - defined as "a mistaken or intentionally misleading alert that something is wrong and needs attention."  False alarms from application security tools are certainly..

Security Fail in Pokémon Go

As you may have heard, some Pokémon Go players may have given the game’s developers access to everything on their Google account – including documents, photos, email messages, search history and items stored in their cloud.

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security not performance.  If you've licensed Contrast and..

Third category of application security tools beyond "static" and "dynamic"?

Recently, Clark Coleman asked a very logical question about application security tools.

Waiter… there’s a fly in my appsec tool soup!!!

Brace yourself. Recent advances in application security are about to spawn an onslaught of application security tool vendors who think you absolutely must have their "complete" solution to protect your applications.

They want to sell you the old..

How to Get Started in Application Security

My OWASP Cheat Sheet for Cross-site Scripting (XSS) just passed 1M views, and I'm proud of that. It ain't Shakespeare, so that means a lot of people are actually interested in knocking out XSS.

Making application security accessible and..

Point of View: Congress Ironically Hacks CISA into "Must Pass" Omnibus Spending Bill -- Destroys Privacy

The most recent omnibus spending bill now includes the Cybersecurity Information Sharing Act of 2015.  This bill provides broad protection to companies that share loosely defined "cybersecurity" information with government, even disallowing FOIA..
