SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.


Peiter (Mudge) Zatko's Cyber Independent Testing Lab methods... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..


"The DCCC Hacked:  SQL Injection?  Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..


With Only a Hammer, Everything Looks Like a Security Vulnerability!

Did you know that most security vulnerabilities are simply the result of failing to use the right security control in the right place?


International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..


Hacked... Because of an Insecure Library

This morning, ZDNet’s Zack Whittaker reported a hacker has targeted the official forum for the mobile game Clash of Kings, stealing nearly 1.6 million accounts. According to the piece, the hacker exploited a known weakness in the forum’s..


The True Cost of "False Positives" in Application Security

Remember the story of the boy who cried wolf? His pranks were "false alarms" - defined as "a mistaken or intentionally misleading alert that something is wrong and needs attention." False alarms from application security tools are certainly..


Security Fail in Pokémon Go

As you may have heard, some Pokémon Go players may have given the game's developers access to everything on their Google account - including documents, photos, email messages, search history and items stored in their cloud.

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security not performance.  If you've licensed Contrast and..


Third category of application security tools beyond "static" and "dynamic"?

Recently, Clark Coleman asked a very logical question about application security tools.


Waiter… there’s a fly in my appsec tool soup!!!

Brace yourself. Recent advances in application security are about to spawn an onslaught of application security tool vendors who think you absolutely must have their "complete" solution to protect your applications.

They want to sell you the old..

