Skip to content

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Subscribe Now
Application Security: Changes to Microsoft Patch Tuesday

Application Security: Changes to Microsoft Patch Tuesday

Everyone should be patching like Microsoft. You can argue with some of the tiny details about how Microsoft schedules..


So, Now We Have a Federal CISO...

So, now we have a federal CISO, Brigadier General [Retired] Gregory J. Touhill, as part of the Office of Management and..

60 Minutes & the

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking,..


The 4 Dimensions of a sound Application Security Strategy

For many application security vendors, "coverage" is the third rail — but it's a critical part of your application..

Can Openness in the US Government Lead to Better Application Security?

Can Openness in the US Government Lead to Better Application Security?

On Tuesday morning, ZDNet reported that U.S. government has published a new federal policy that aims to encourage more..

Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize..

"The DCCC Hacked:  SQL Injection?  Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity.....


With Only a Hammer, Everything Looks Like a Security Vulnerability!

Did you know that most security vulnerabilities are simply the result of failing to use the right security control in..

International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first..