SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.


My Top 5 Cyber Security Predictions for 2016

It's that time of year for my top predictions for 2016.  And, let's review how well I did for 2015:

My 2016 predictions include:

  1. We will see a major attack that takes advantage of our totally unprotected development infrastructure.
  2. We will..

Why the Java serialization vulnerability makes Heartbleed look tame - explained

I've been receiving questions from some of you to provide a bit more detail on why this Java vulnerability is so critical to fix...

Basically, why is this such a big deal? 

It’s a big deal because many enterprise applications are vulnerable. It’s..


Java Serialization Vulnerability Threatens Millions of Applications

A widespread vulnerability in Java environments leaves thousands of businesses seriously exposed. Despite lacking a clever name — à la Heartbleed, Shellshock, and POODLE — this vulnerability is poised to allow hackers to do damage across the..


Point of View: Potential security issues with vehicle to vehicle connected cars

The fundamental problem is that the industry hasn’t created a thorough (and openly available) threat model that adequately considers what hackers might do. The analysis of V2V communications I’ve read focuses on safety issues — what happens under..


Point of View: $100MM cost of hacking

Many people think wires are the most secure way to send large sums of money. I’ve seen how many of these wires get processed, even wires for billions of dollars.  And it’s just like most other enterprise software — lots of vulnerabilities waiting to..


Point of View: Delta flight and airline cybersecurity

This is always the tradeoff… How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates? What makes this especially hard is that while the benefits are often immediate and concrete,..


Point of View: Senate Stalls Cybersecurity Bill

The rush to "do something" about cyber security issues is leading both legislators and industry to ridiculous places.

Most people's knee-jerk reaction when thinking about cyber security is that we should go after the attackers.  The thinking is..


Point of View: Chrysler recalls 1.4 million hackable cars

“The interesting thing about this recall is not that it’s going to be expensive and inconvenient (it will), but that it shouldn’t have had to happen.  We already know the importance of auto-update.  Remember those painful years of downloading..


The Fast, Free, Fantastic Way to Find Cross-Site Scripting (XSS)

What Is XSS?

Cross-site scripting (XSS) is really pretty simple. Any time untrusted data ends up in an HTML page without proper validation and escaping, you have a problem. So when a developer takes an HTTP request parameter and it finds its way..


The 10 Most Important Security Controls Missing in JavaEE

JavaEE has some excellent built-in security mechanisms, but they don’t come close to covering all the threats that your applications will face.  Many common attacks like Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF),..

