SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.


The Fast, Free, Fantastic Way to Find Cross-Site Scripting (XSS)

What Is XSS?

Cross-site scripting (XSS) is really pretty simple. Any time untrusted data ends up in an HTML page without proper validation and escaping, you have a problem. So when a developer takes an HTTP request parameter and it finds its way..


The 10 Most Important Security Controls Missing in JavaEE

JavaEE has some excellent built-in security mechanisms, but they don’t come close to covering all the threats that your applications will face.  Many common attacks like Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF),..


Staying Compliant with PCI DSS Can Be Easier Than You Think

What Does PCI DSS Compliance Mean?

In 2004, Visa, MasterCard, Discover, American Express, and JCB combined their minimum security standards for credit card processing together and crafted the Payment Card Industry Data Security Standard (PCI..


Point of View: Tesla opens up bug bounty program

“Bug bounty programs have been surprisingly effective and I don’t see this being any different for Tesla.  I think they’re smart to start with their website as they learn how to handle the influx of security bug reports.  As they mature, they may..


Point of View: Army's Public Website Hacked by Unknown Intruders

All breaches are not created equal. The Army breach is actually considerably more disturbing than the IRS breach.  


Point of View: Federal Personnel Data Breach

Government agencies are in serious danger from cyber threats. While many have a continuous network security program in place, most have spent very little time securing their applications.  We are going to continue to see breaches of government..


IRS Hackers stole $39M and affected 2.7 million taxpayers

It’s easy to jump all over the IRS for a seemingly obvious security problem. Congress and reporters are calling for a quick fix.  This isn’t like fixing a broken window.  The complexity is more like an entire city with lead pipes, crumbling..


Interview: Jacob West, Chief Architect for Security Products at Netsuite

Thanks, everyone, for joining us on the Security Influencers Channel. We ask industry thought leaders to share their experiences and ideas about security in the future. We're hosting a series of brief and highly informative interviews with..


Interview: Casey Fleming, Chairman & CEO of BLACKOPS Partners

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software..


Interview: Doug Depeppe of Eoesedge Legal, Cyberlaw and Services

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software..

