David Wichers
Dave has over 20 years of experience touching all aspects of secure software development for high assurance projects. A founding member of OWASP and current Board Member, Dave has contributed his expertise to many free and open tools, including the OWASP Top Ten, Enterprise Security API (ESAPI) and WebGoat. As a foremost expert in application security, Dave teaches secure coding practices to a worldwide clientele, including sectors of the Department of Defense and the Federal government. Dave began his career as a computer security consultant assisting DoD clients such as the NSA, U.S. Navy, U.S. Army and product vendors selling into the defense market. Dave holds a B.S.E. in Computer Science from Arizona State and an M.S. in Computer Science from the University of California at Davis and is a CISSP. A history buff, Dave enjoys genealogy and discovered that he is a descendant of Pocahontas.