Skip to content

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Subscribe Now

    Automating Application Security in Modern Software Projects

    Today, it seems like every organization has become a software company. The increasing dependence on automation demands..

    Obama Orders Review of Election Hacking

    BACKROUND - President Obama recently ordered a “deep dive” into the cyberattacks of this year’s election and he wants..


    Is There a 3rd Category of Application Security Tools Beyond Static & Dynamic?

    Recently, Clark Coleman asked a very logical question about application security tools: Can you explain the difference..

    Application Security: Changes to Microsoft Patch Tuesday

    Application Security: Changes to Microsoft Patch Tuesday

    Everyone should be patching like Microsoft. You can argue with some of the tiny details about how Microsoft schedules..


    So, Now We Have a Federal CISO...

    So, now we have a federal CISO, Brigadier General [Retired] Gregory J. Touhill, as part of the Office of Management and..

    60 Minutes & the

    60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

    Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking,..


    The 4 Dimensions of a sound Application Security Strategy

    For many application security vendors, "coverage" is the third rail — but it's a critical part of your application..

    Can Openness in the US Government Lead to Better Application Security?

    Can Openness in the US Government Lead to Better Application Security?

    On Tuesday morning, ZDNet reported that U.S. government has published a new federal policy that aims to encourage more..

    Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

    Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize..