Jeff Williams

Co-Founder and CTO, Contrast

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. He's very active in the DevSecOps community, recently authored the DZone DevSecOps cheat sheet, and speaks frequently on the topic at conferences like Velocity, DevSecCon, JenkinsWorld, AppSecEU, and more. Prior to Contrast, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by EY. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Why Your SDLC Keeps Failing and How to Fix It

Presented by Jeff Williams • April 14, 2020

In this talk, we will share the theory and practice of a different approach to application security. Almost every large financial organization is already using software instrumentation for performance (APM) and a handful have already instrumented their applications for security. We'll discuss how their application...

OWASP Top Ten for 2013

Jeff Williams • May 7, 2013

The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.

The AppSec Blame Game - Part 2

Jeff Williams • August 20, 2012

Secure is a possible state of affairs at a certain point in time. But rugged describes staying ahead of the threat over time. Rugged organizations create secure code as a byproduct of their culture.

Avoiding the AppSec Blame Game - Part 1

Jeff Williams • July 24, 2012

Blaming developers for application security problems is the wrong thing to do. Here are five reasons why application security development fails in the software development ecosystem of many companies.

How to Be an App Security Consultant

Jeff Williams • May 9, 2012

Application security is driving demand for highly skilled consultants. It's a challenging profession, and I've broken out five key skills that will distinguish you in the field.

Beyond Penetration Tests

Jeff Williams • January 24, 2012

IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.

5 Application Security Tips

Jeff Williams • January 3, 2012

An analysis of many recent studies suggests that over 80 percent of applications contain simple vulnerabilities. Here are five tips that developers can leverage to secure their code.

Creating a Culture of Responsible Application Security

Presented by Jeff Williams • September 13, 2011

Software applications are the lifeblood of every organization, and today's #1 IT security threat is vulnerabilities in these applications. Complexity, interconnection and criticality of source code have resulted in a dangerous proliferation of vulnerabilities and risks. Register for this session to learn: How...