Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

A CTO's Response to Trump's Cybersecurity Executive Order

In principle, holding each agency head accountable for his or her agency’s cybersecurity is logical. The problem with..

Improve Application Security by Turning it into Code

Why is application security such a pain? One of the hard problems with application security is that there are a zillion..

Adding "A7: Insufficient Attack Protection" to the OWASP Top 10

We know there are some very strong feelings about both the recent Top Ten Release Candidate and my involvement in the..

We are Seeing Ongoing Struts 2 Attacks

If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2..

Two New Vulnerabilities added to the OWASP Top 10

The Open Web Application Security Project (OWASP) just released an update to the ten most critical web application..

US Needs a Federal CISO — A Response to the Appointment of a US Cybersecurity Coordinator

In response to the Trump administration announcement of the appointment of a White House cybersecurity..

Automating Application Security in Modern Software Projects

Today, it seems like every organization has become a software company. The increasing dependence on automation demands..

Obama Orders Review of Election Hacking

BACKGROUND - President Obama recently ordered a “deep dive” into the cyberattacks of this year’s election and he wants..

Is There a 3rd Category of Application Security Tools Beyond Static & Dynamic?

Recently, Clark Coleman asked a very logical question about application security tools: Can you explain the difference..