Skip to content

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Subscribe Now
    Topics
    We've Been Hacked. Our Data Was Breached. What Do I Do Now?

    We've Been Hacked. Our Data Was Breached. What Do I Do Now?

    We're Sorry You Got Hacked. First, if you just detected a data breach, you've been hacked, and you should probably stop..

    Why It's Time for Terms Like

    Why It's Time for Terms Like "Static" and "Dynamic" Analysis to Die

    In John Godfrey Saxe's retelling of The Blind Men and the Elephant, six blind men try to teach each other what an..

    Why Static Application Security Scanners Just Can't Cut It Anymore

    Why Static Application Security Scanners Just Can't Cut It Anymore

    Static Analysis and Dynamic Analysis Tools Have Their Place To be clear: I’ve been an advocate of both dynamic..

    The 6 Pillars of Application Security

    The 6 Pillars of Application Security

    Once you discover a vulnerability, it instantly is super-critical information. How do you protect security..

    Is Your AppSec Tool Truly Scalable?

    Is Your AppSec Tool Truly Scalable?

    Many businesses are trapped in a dilemma, a Morten's Fork – should we rely on automated tools to assure the application..

    The OWASP Top Ten and Beyond

    The OWASP Top Ten and Beyond

    The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in..

    Went To AppSec California 2014. Tried Contrast. Here's My Story.

    Went To AppSec California 2014. Tried Contrast. Here's My Story.

    We receive "fan" mail from many of our clients, and lots of people who watch a demo are impressed. But when Steve..

    What Healthcare Can Teach Us About Application Security

    What Healthcare Can Teach Us About Application Security

    The Centers for Disease Control protects people from health threats and increases the health security of our nation...

    The Dirty Little Secret Everyone in Application Security Knows But Few Actually Talk About: Until You Actually Fix Your Code, You're Not Actually More Secure

    The Dirty Little Secret Everyone in Application Security Knows But Few Actually Talk About: Until You Actually Fix Your Code, You're Not Actually More Secure

    Here's the dirty little secret everybody in application security knows but few are willing to say out loud: Until you..