Skip to content

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Subscribe Now
    Topics
    Secure Code Starts With Measuring What Developers Know

    Secure Code Starts With Measuring What Developers Know

    I recently discovered I've been teaching blindly about application security. I assumed that I know what students need..

    The Guerrilla Guide to Buying an Application Security Tool

    The Guerrilla Guide to Buying an Application Security Tool

    If you're going to buy an application security tool, don't get distracted by hype. Purchasing an application security..

    Application Security: We Still Have A Long Way To Go

    The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in..

    3 Critical Things You Can Do During A Code Freeze With Contrast

    3 Critical Things You Can Do During A Code Freeze With Contrast

    Better Application Vulnerability Detection with Advanced Data Tagging

    Better Application Vulnerability Detection with Advanced Data Tagging

    I've been reviewing code for security problems for about 15 years now. I'm privileged to have seen the code for many of..

    HubSpot Vulnerability Fixed - Cross-Site Scripting (XSS) In The Cloud

    HubSpot Vulnerability Fixed - Cross-Site Scripting (XSS) In The Cloud

    This is the story of a minor XSS vulnerability in Contrast's website hosted at HubSpot. To be clear at the outset,..

    Why SQL Injection Attacks Still Need to be Dealt With

    Why SQL Injection Attacks Still Need to be Dealt With

    Earlier this week, hackers claimed to have stolen $100,000 from users of a California-based ISP using a SQL injection..

    handbook-cover0616.png

    A Continuous AppSec DashBoard in 8 Minutes Flat

    The software world is moving quickly towards continuous integration, continuous delivery, and even continuous..

    The *OTHER* Security Problem with Your Insecure Libraries

    In early 2012, we published a study called "The Unfortunate Reality of Insecure Libraries" where we found that just..