Contrast Security // Jeff Williams

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into the software. Contrast’s patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio.



Looking For A Simple Tool To Test Web Apps? Contrast Security Scanner Explained

With Speaker: Jeff Williams

October 2nd, 2013

For over 25 years, my passion has been improving the security of the world’s software. I founded three very different but highly successful organizations to help solve the problem.

- Contrast Security (2014) is focused on fully automated application security at the speed and scale of DevOps. We invented a revolutionary technique leveraging dynamic binary instrumentation to assess applications for vulnerabilities *and* prevent vulnerabilities from being exploited. If you called it AppDynamics for security, you wouldn’t be too far off.

- Aspect Security (2002) was one of the first consulting firms to focus exclusively on application security. We supported very high profile financial, utilities, government agencies, entertainment, airline, and other industries with manual security code review and penetration testing, hands-on training and eLearning, architecture review and threat modeling, and other services. Aspect was acquired by EY in 2017.

- OWASP (2001) is a worldwide open-source application security organization with hundreds of chapters and 50,000 members worldwide. I created the Foundation, set up the Board, started chapters and conferences, and volunteered as Global Chair for 9 years. I also started and led many open-source projects used by millions, including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and XSS Prevention Cheat Sheet.

In the early 1990s, I built high assurance systems for the Navy and taught the INFOSEC curriculum at the NSA during the Orange Book days. Later, I chaired the Author Group for the SSE-CMM (now ISO 21827). I designed and built a high assurance guard in Java on Trusted Solaris.