SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

Connect With Us :  

How to Get Started in Application Security

My OWASP Cheat Sheet for Cross-site Scripting (XSS) just passed 1M views, and I'm proud of that. It ain't Shakespeare, so that means a lot of people are actually interested in knocking out XSS.

Making application security accessible and..

Continue Reading >>

Point of View: Congress Ironically Hacks CISA into "Must Pass" Omnibus Spending Bill -- Destroys Privacy

The most recent omnibus spending bill now includes the Cybersecurity Information Sharing Act of 2015.  This bill provides broad protection to companies that share loosely defined "cybersecurity" information with government, even disallowing FOIA..

Continue Reading >>

My Top 5 Cyber Security Predictions for 2016

It's that time of year for my top predictions for 2016.  And, let's review how well I did for 2015:

My 2016 predictions include:

  1. We will see a major attack that takes advantage of our totally unprotected development infrastructure.
  2. We will..
Continue Reading >>

Why the Java serialization vulnerability makes Heartbleed look tame - explained

I've been receiving questions from some of you to provide a bit more detail on why this Java vulnerability is so critical to fix...

Basically, why is this such a big deal? 

It’s a big deal because many enterprise applications are vulnerable. It’s..

Continue Reading >>

How to protect your Apps from the Java Serialization Vulnerability

 A widespread vulnerability in Java environments leaves thousands of businesses seriously exposed. Despite lacking a clever name — ala Heartbleed, Shellshock, and POODLE — this vulnerability is poised to allow hackers to do damage across the..

Continue Reading >>

Point of View: Potential security issues with vehicle to vehicle connected cars

The fundamental problem is that the industry hasn’t created a thorough (and openly available) threat model that adequately considers what hackers might do. The analysis of V2V communications I’ve read focuses on safety issues — what happens under..

Continue Reading >>

Point of View: $100MM cost of hacking

Many people think wires are the most secure way to send large sums of money. I’ve seen how many of these wires get processed, even wires for billions of dollars.  And it’s just like most other enterprise software — lots of vulnerabilities waiting to..

Continue Reading >>

Point of View: Delta flight and airline cybersecurity

This is always the tradeoff…   How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates?  What makes this especially hard is that while the benefits are often immediate and concrete,..

Continue Reading >>

Point of View: Senate Stalls Cybersecurity Bill

The rush to "do something" about cyber security issues is leading both legislators in industry to ridiculous place.

Most people's knee-jerk reaction when thinking about cyber security is that we should go after the attackers.  The thinking is..

Continue Reading >>

Point of View: Chrysler recalls 1.4 million hackable cars

“The interesting thing about this recall is not that it’s going to be expensive and inconvenient (it will), but that it shouldn’t have had to happen.  We already know the importance of auto-update.  Remember those painful years of downloading..

Continue Reading >>

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook