SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Connect With Us :  

Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..

Continue Reading >>

"The DCCC Hacked:  SQL Injection?  Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..

Continue Reading >>

With Only a Hammer, Everything Looks Like a Security Vulnerability!

Did you know that most security vulnerabilities are simply the result of failing to use the right security control in the right place?

Continue Reading >>

International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..

Continue Reading >>

Hacked... Because of an Insecure Library

This morning, ZDNet’s Zack Whittaker reported a hacker has targeted the official forum for the mobile game Clash of Kings, stealing nearly 1.6 million accounts. According to the piece, the hacker exploited a known weakness in the forum’s..

Continue Reading >>

The True Cost of "False Positives" in Application Security

Remember the story of the boy who cried wolf?  His pranks were "false alarms" - defined as "a mistaken or intentionally misleading alert that something is wrong and needs attention."  False alarms from application security tools are certainly..

Continue Reading >>

Security Fail in Pokémon Go

 
As you may have heard, some Pokémon Go players may have given the game’s developers access to everything on their Google account – including documents, photos, email messages, search history and items stored their cloud.
Continue Reading >>

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security not performance.  If you've licensed Contrast and..

Continue Reading >>

Third category of application security tools beyond "static" and "dynamic"?

Recently, Clark Coleman asked a very logical question about application security tools.

Continue Reading >>

Waiter… there’s a fly in my appsec tool soup!!!

Brace yourself. Recent advances in application security are about to spawn an onslaught of application security tool vendors who think you absolutely must have their "complete" solution to protect your applications.

They want to sell you the old..

Continue Reading >>

SUBSCRIBE TO THE BLOG