What's Wrong with Application Security?

Jeff Williams, Chair of OWASP, on the Top Vulnerabilities to Software Applications
The level of application security threats is rising, but the level of response is not. "That's a serious disconnect," says Jeff Williams, chair of the OWASP Foundation.The sophistication of today's threats evolves constantly, Williams says. Software security, alas, does not. But there is hope for organizations that want to improve application security.

In an exclusive interview, Williams discusses:

  • The state of application security today;
  • Top threats to software applications;
  • What individual organizations can do to improve application security.

Williams is the founder and CEO of Aspect Security and serves as the Chair of the Open Web Application Security Project (OWASP). Prior to starting Aspect, Jeff built a successful application security consulting practice at Exodus Communications and worked with a broad range of government and commercial organizations on high assurance applications. Jeff has specialized in information security since 1989 and has published numerous papers focused on practical risk and assurance techniques. Jeff has been writing code for 25 years in many different environments but has focused primarily on Java and J2EE security for the past 10 years. Jeff is a primary author of the OWASP Top 10 Web Application Security Vulnerabilities and the OWASP Secure Software Development Contract Annex, and he leads several OWASP projects. He also chaired the group responsible for creating ISO 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM).Jeff has undergraduate degrees in Psychology and Computer Science from the University of Virginia, an MA in Human Factors Engineering from George Mason University, and a JD cum laude from the Georgetown University Law Center, where he specialized in intellectual property and cyberlaw.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.