Podcasts about contrast security

Are you struggling to scale your cybersecurity sales team effectively while launching a disruptive new product? Wondering how to build a winning go-to-market culture, especially when working channel-first? Trying to figure out how to attract and enable the right channel partners to drive real revenue growth? This episode dives deep into the practical strategies for sales and marketing leaders navigating these exact questions.In this conversation we discuss: 

This week, we are joined by Jeff Williams, former Global Chairman of OWASP and Founder and CTO of Contrast Security, who is discussing what could happen to "Secure by Design" in the next administration and how to secure software through regs. Ben has the story of Elon Musk's and DOGE's incursion into federal databases. Dave's got the story of a man who was wrongly convicted of identity theft. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Inside Musk's Aggressive Incursion Into the Federal Government He Went to Jail for Stealing Someone's Identity. But It Was His All Along. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of the Department of Justice (DOJ) suing to block Hewlett Packard Enterprise's (HPE) $14 billion acquisition of Juniper Networks, arguing that the merger would reduce competition in the wireless networking industry. The DOJ claims Juniper has pressured rivals like HPE to lower prices and innovate, and consolidation would weaken these benefits, potentially harming industries reliant on wireless networks. HPE and Juniper dispute the DOJ's claims, insisting the deal would enhance competition and improve networking infrastructure. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, argues that fresh talent and open doors are crucial for industry growth. In this episode, Naomi challenges why industry hiring norms fall short, shares candid stories of her own missteps, and explains why humility and learning are just as important as technical skills in cybersecurity.   Impactful Moments: 00:00 – Introduction 03:15 – Building a genuine presence on LinkedIn 07:40 – Founding the Cybersecurity Gatebreakers Foundation 12:00 – Why hiring juniors is a win for cybersecurity 17:58 – Relationship building in cybersecurity 25:27 – Lessons from layoffs and overcoming failure 35:45 – Setting goals and attracting opportunities Links: Connect with our guest, Naomi Buckwalter: https://www.linkedin.com/in/naomi-buckwalter/ Learn more about the Cybersecurity Gatebreakers Foundation: https://www.cybersecuritygatebreakers.org/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

We present a panel discussion with software leaders from Contrast Security and Tenable sharing guidance and best practices for security in DevOps practices. Panelists are:Mike Clausen - Director of Product Management, Contrast SecurityPhillip Hayes - Director Information Security, TenableTemi Adebambo - Head of Security Solutions Architecture, AWSTopics Include:The significance of introducing security into the DevOps processes for Modern ArchitecturesBalancing need for speed & agility with need for securityCommon challenges in security in DevOpsWhat does “Shift Left” mean to the panelists?Considerations & guidance for “shifting left”Best Practices for security testing & vulnerability managementSuggested metrics for organizational leaders

Arshan Dabirsiaghi of Pixee joins Robert and Chris to discuss startups, AI in appsec, and Pixee's Codemodder.io. The conversation begins with a focus on the unrealistic expectations placed on developers regarding security. Arshan points out that even with training, developers may not remember or apply security measures effectively, especially in complex areas like deserialization. This leads to a lengthy and convoluted process for fixing security issues, a problem that Arshan and his team have been working to address through their open-source tool, Codemodder.io.Chris and Arshan discuss the dynamic nature of the startup world. Chris reflects on the highs and lows experienced in a single day, emphasizing the importance of having a resilient team that can handle these fluctuations. They touch upon the role of negativity in an organization and its potential to hinder progress. Arshan then delves into the history of Contrast Security and its pioneering work in defining RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing) as key concepts in appsec.The group also explores the future of AI in application security. Arshan expresses his view that AI will serve more as a helper than a replacement in the short term. He believes that those who leverage AI will outperform those who don't. The conversation also covers the potential risks of relying too heavily on AI, such as the introduction of vulnerabilities and the loss of understanding in code development. Arshan emphasizes the importance of a feedback loop in the development process, where each change is communicated to the developer, fostering a learning environment. This approach aims to improve developers' understanding of security issues and promote better coding practices.Links:Pixee https://www.pixee.ai/Pixee's Codemodder.io: https://codemodder.io/Book Recommendation:Hacking: The Art of Exploitation, Vol. 2  by John Erickson: https://nostarch.com/hacking2.htmAleph One's "Smashing The Stack for Fun and Profit":http://phrack.org/issues/49/14.htmlTim Newsham's "Format String Attacks": https://seclists.org/bugtraq/2000/Sep/214Matt Conover's "w00w00 on Heap Overflows" (reposted):https://www.cgsecurity.org/exploit/heaptut.txtJeremiah Grossman, aka rain forest puppy (rfp):https://www.jeremiahgrossman.com/#writingJustin Rosenstein's original codemod on GitHub:https://github.com/facebookarchive/codemodFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dan Nguyen is a Partner at Decibel where he focuses on helping founders build the next-generation of disruptive ML / AI, cloud infrastructure and cybersecurity companies. Prior to joining Decibel, he was a Vice President at Battery Ventures where he led investments in Databricks, SumoLogic, Expel, Contrast Security and InfluxData. Earlier in his career, Dan worked at VMware and spent time at UBS in the technology investment banking group. In this episode, we talk about: - Dan's story & how he started investing?- The origin story of Decibel and how they raised a $225 Million debut fund at the back of strong track record- How they pick companies to back?- Use of AI on both the good and bad side- How has Dan's investing approach evolved over the years?and much more.. Links: Decibel website - https://www.decibel.vc/ Follow Dan on X - https://twitter.com/dannguyenhuu Follow Dan on Linkedin - https://www.linkedin.com/in/dan-nguyen-huu-11502719/ Hosted by Prashant Choubey - https://www.linkedin.com/in/choubeysahab/ Subscribe to VC10X for more insightful episodes!

Patrick is an Application Security Advisor, Cloud Security Architect, IAM Threat Detection & Response Consultant at Fannie Mae, a leading provider of mortgage financing in the US. He has over 20 years of technology, application security, artificial intelligence, data science, cybersecurity, fintech, machine learning, IoT and cyber physical security experience, spanning the full spectrum of securing the OSI Model. He is also a certified ScrumMaster (CSM) and a participant in the Constellation Network Flight Program, a blockchain-based platform for decentralized applications. Patrick has been trusted by the US Federal Government as a Senior Application Security Engineer & Architect at the High Risk Public Trust Sensitivity Level. Patrick was the first person ever hired in the position at the United States

Jeff Willams of Contrast Security joins Chris and Robert on the Application Security Podcast to discuss runtime security, emphasizing the significance of Interactive Application Security Testing (IAST) in the modern DevOps landscape. After reflecting on the history of OWASP, the conversation turns to the challenges organizations face in managing their application security (AppSec) backlogs. Jeff highlights the alarming number of unresolved issues that often pile up, emphasizing the inefficiencies of traditional security tools.Jeff champions IAST, and here are a few highlights that he shares. IAST is ideally suited for DevOps by seamlessly transforming regular test cases into security tests. IAST can provide instant feedback, leading to a Mean Time To Repair (MTTR) of just three days across numerous applications. Unlike Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST), which can take hours or even days, IAST can complete security testing during the build, fitting within the tight SLAs of modern pipelines.IAST offers developers comprehensive insights, which aids in a better understanding and quicker resolution of the identified issues. It is also adaptable, as IAST can detect vulnerabilities before they are exploited. Jeff argues that IAST's ability to work with existing test cases and provide rapid feedback makes it a perfect fit for the fast-paced DevOps environment.Jeff emphasizes that while runtime security can be a game-changer, it doesn't replace other essential aspects of AppSec programs, such as training. In conclusion, Jeff Williams champions IAST as a revolutionary tool in the application security domain. Its adaptability, efficiency, and depth of insights make it a must-have in the toolkit of modern developers and security professionals.Links:Jeff on LinkedIn: https://www.linkedin.com/in/planetlevel/Java Observability Toolkit (JOT): https://github.com/planetlevel/jotIdentified by John Wilander: https://www.amazon.com/IDENTIFIED-hacker-thriller-headlines-newspapers/dp/B09NRF399JVenture in Security article about circle stickers:  https://ventureinsecurity.net/p/solving-the-circle-sticker-problemFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this episode of Product Thinking, Steve Wilson, Chief Product Officer at Contrast Security, joins Melissa Perri to explore the dynamic world of product management. They dive into the intersection of customer demands and technological shifts, how to harness the power of AI in product management, the integration of AI and Machine Learning for enhanced cybersecurity, and how product managers can meet both user needs and security requirements.

DSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

In this episode, Harshil is joined by Naomi Buckwalter, Director of Product Security at Contrast Security. Contrast Security is an application security platform that helps developers and security teams write secure code and protects business applications against targeted cybersecurity attacks. The Contrast platform is able to effectively identify actual vulnerabilities from false positives, resulting in faster remediation. With more than two decades of experience in IT and Security, Naomi shares some tips on how to run a product security program, how to build a diverse team, and how to refine the hiring process to empower managers to choose the right candidates. Topics discussed: How Naomi came to lead the product security team at Contrast Security The story behind Cybersecurity Gatebreakers, Naomi's nonprofit foundation advocating for and supporting the next generation of cybersecurity professionals The supposed talent shortage in cybersecurity,  and the challenges in finding and hiring the right talent How to choose the right questions during an interview and what to prioritize during the hiring process Naomi's LinkedIn course that's providing valuable educational content on how to be better security leaders Naomi's book recommendation for cybersecurity leaders How to come up with a reprioritizing plan to counter the effects of a workforce reduction

DSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability managementDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

An Untraditional Approach to DevSecOps & The Future of Application Security TestingIn this episode of Agent of Influence, Nabil is joined by Larry Maccherone, DevSecOps Transformation Architect at Contrast Security. They explore Larry's untraditional definition of DevSecOps, application security testing tools like IAST, SAST, and DAST, and the future of application security testing.

Steve Wilson, Chief Product Officer at Contrast Security explains how the use of open source software can introduce security issues related to newly discovered vulnerabilities and how companies can identify and mitigate those issues by using software composition analysis (SCA) and runtime application self-protection (RASP) tools. https://www.contrastsecurity.com/ https://www.contrastsecurity.com/developer Secure Talk Podcast https://securetalkpodcast.com/security-risks-with-open-source-software-steve-wilson-chief-product-officer-at-contrast-security/

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It's important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like. Segment Resources: Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw204

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It's important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like. Segment Resources: Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   This week in the AppSec News: speculative execution attack with retbleed, CSRB's report on log4j, one-line lowercase action leads to a vuln, approaching SOC2 with secure engineering principles, free online Mac Malware book   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw204

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It's important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like. Segment Resources: Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   This week in the AppSec News: speculative execution attack with retbleed, CSRB's report on log4j, one-line lowercase action leads to a vuln, approaching SOC2 with secure engineering principles, free online Mac Malware book   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw204

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It's important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like.   Segment Resources: Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache   What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms   The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrastsecurity to learn more!   https://adhdatwork.add.org/help-adhd-employees-succeed/

Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!   Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices. Segment Resources: https://pixmsecurity.com/mobile/ This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!   The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk. Segment Resources: www.qualys.com/trurisk www.qualys.com/vmdr This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw278

Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!   Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices. Segment Resources: https://pixmsecurity.com/mobile/ This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!   The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk. Segment Resources: www.qualys.com/trurisk www.qualys.com/vmdr This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw278

Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw278

Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw278

Want to know how wins the automation cage battle between Cypress vs Playwright?  What open-source tool can help you scale your DevOps and SRE? Has your software escaped the blast radius of the latest GitHub Breach? Find out the answers to these and other end-to-end full pipeline DevOps, automation, performance, and security testing in 10 minutes or less in this episode of the test guild news show for the week of April 24   0:27  Applitools Free Account   https://rcl.ink/xroZw 1:01  UFT Mobile  https://links.testguild.com/CL9Mb 1:39 Flutter https://links.testguild.com/UusAd 2:31 Cypres VS Playwright https://applitools.info/964 3:34 Screenplay Pattern https://links.testguild.com/ZTrdj 4:07 Postman https://links.testguild.com/b4sEP 5:36 Keptn https://links.testguild.com/zkk5L 6:23 SolarWinds https://links.testguild.com/YRmMY 7:44 Github Breach https://links.testguild.com/EQ9FE 8:41 Contrast Security https://links.testguild.com/8pTVH

About Jeff WilliamsJeff brings more than 20 years of security leadership experience as Co-Founder and Chief Technology Officer of Contrast. Previously, Jeff was Co-Founder and Chief Executive Officer of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for eight years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from the University of Virginia, an MA from George Mason, and a JD from Georgetown. Twitter: @planetlevel LinkedIn: https://www.linkedin.com/in/planetlevel/ Contrast Security website: https://www.contrastsecurity.com/ OWASP Foundation: https://owasp.org/

Jeff Williams Co-Founder & CTO of Contrast Security talks about the latest developments in DevOps and application security including serverless technology, self-protecting security, and Function as a Service (FaaS)for security applications.

This week, we welcome Steve Wilson, Chief Product Officer at Contrast Security, to discuss Integrating Appsec Tools for DevOps Teams! In the AppSec news: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes, filling in the missing semester of Computer Science!   Show Notes: https://securityweekly.com/asw186 Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Steve Wilson, Chief Product Officer at Contrast Security, to discuss Integrating Appsec Tools for DevOps Teams! In the AppSec news: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes, filling in the missing semester of Computer Science!   Show Notes: https://securityweekly.com/asw186 Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps that haven't migrated to modern build processes or framework and many cloud-native apps demand different approaches to deployment. We'll cover the different approaches to adapting security tools to the needs of the developers.   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw186

DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps that haven't migrated to modern build processes or framework and many cloud-native apps demand different approaches to deployment. We'll cover the different approaches to adapting security tools to the needs of the developers.   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw186

Jeff Williams is the co-founder and CTO of Contrast Security and the founder of the OWASPA foundation. In this episode of Cybersecurity Unplugged, Williams discusses how working from home impacts software development and security, the use of executive order: Zero Trust, security labels and creating visibility in the market, and company mandates and making the market more competitive by achieving a higher level of security.      

This week, we welcome Larry Maccherone, DevSecOps Transformation at Contrast Security, to discuss Shift Left, NOT S#!T LEFT! In the AppSec News: PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, and AppSec games!   Show Notes: https://securityweekly.com/asw182 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Larry Maccherone, DevSecOps Transformation at Contrast Security, to discuss Shift Left, NOT S#!T LEFT! In the AppSec News: PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, and AppSec games!   Show Notes: https://securityweekly.com/asw182 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Today's guest is Jeff Williams, Co-Founder and CTO of Contrast Security. Would you rather be right or compelling? In this episode, Jeff discusses Contrast Security, how the application security space has evolved, what their "inside out" approach is, the impact and need of the Executive Order, how he got his start in cybersecurity, the relevance of his law degree, what keeps him up at night, and as always, his toughest lesson learned. 

 Jeff Williams from Contrast Security takes our questions about their new Serverless Scanning Tool and gives a demo to show just how easy it is.  Video demo can be found here: https://youtu.be/R4NkfbNw5YsLearn more here: https://www.contrastsecurity.com/contrast-serverless-application-security Join our online community here: community.wehackpurple.com Our online courses in #AppSec and Secure Coding: academy.wehackpurple.com 

Everything we do is online. We bank online, access healthcare, pay our taxes, build our businesses -  and along the way we put trust in companies to keep us protected. Unfortunately, companies aren't great at writing secure software. Contrast Security wants to change that. Jeff Williams, Co-founder & CTO of Contrast Security, and Steve Wilson, CPO, join the Dev Interrupted podcast to discuss the future of application security (AppSec), the importance of security automation and why the traditional way of doing security - where you scan app after app a few times a year - is over.Contrast Security is hiring: Check out their open positions.Join our Discord Community ►► discord.gg/devinterruptedOur Website ►► devinterrupted.com/Want to try LinearB?  Book a LinearB Demo and use the "Dev Interrupted Podcast" discount code.Have 60 seconds? Review the show on Apple Podcasts

In this podcast, we explore the topic of why there are so many JDKs, how are they the same, and how they are different. We balance the Java perspective with a special guest from the Rust foundation to learn how a peer ecosystem works.Quick summary—the role of Java as a central system runtime lead to multiple implementations and the companies that make different distributions offer support and sponsor different work. For example Azul and Microsoft worked on Apple M1, and Bellsoft and Microsoft worked on Alpine Musl. All JREs are compatible through the TCK and vendors work together on security patches for the entire ecosystem.Guests:Simon Ritter, Deputy CTO of Azul Systems, making the Azul Platform, including the Azul Zulu builds of OpenJDK.Dmitry Chuyko, Senior Performance Engineer of Bellsoft, making the Liberica builds of OpenJDK.Bruno Borges, Product Manager Microsoft, making the Microsoft builds of OpenJDK and Temurin, Adoptium's builds of OpenJDK.Ashley Williams, founder and open-source strategist for the Rust Foundation.Erik Costlow, Developer Relations for Contrast Security, securing Java and non-Java applications.Foojay Articles:Fantastic JVMs and Where to Find Them

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!   Segment Resources: Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw246

This week, Adrian and Paul talk about why we need A Plea for Better Press Releases! In the second segment, we welcome Surag Patel, Chief Strategy Officer at Contrast Security, to discuss Why Less Is More for Static Application Scanning! In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its, plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!   Show Notes: https://securityweekly.com/esw246 Segment Resources: Visit https://securityweekly.com/contrast to learn more about them! Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Adrian and Paul talk about why we need A Plea for Better Press Releases! In the second segment, we welcome Surag Patel, Chief Strategy Officer at Contrast Security, to discuss Why Less Is More for Static Application Scanning! In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its, plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!   Show Notes: https://securityweekly.com/esw246 Segment Resources: Visit https://securityweekly.com/contrast to learn more about them! Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!   Segment Resources: Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw246

This week, we welcome Jeff Williams, Co-Founder and Chief Technology Officer at Contrast Security, to discuss Transforming Modern Software Development with Developer-first Application Security! Modern software development demands a different approach to application security. Contrast's developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.   In the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more!   Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25 DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65   Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jeff Williams, Co-Founder and Chief Technology Officer at Contrast Security, to discuss Transforming Modern Software Development with Developer-first Application Security! Modern software development demands a different approach to application security. Contrast's developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.   In the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more!   Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25 DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65   Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Modern software development demands a different approach to application security. Contrast's developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.   Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25 DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65 This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes!

Modern software development demands a different approach to application security. Contrast's developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.   Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25 DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65 This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrastto learn more about them! Visit https://www.securityweekly.com/aswfor all the latest episodes!

The SEC's inquiry into the SolarWinds incident may expose other, unrelated data breaches. Researchers identify an IoT botnet, Meris, as responsible for DDoS attacks against a number of banks. German prosecutors have opened an investigation into the GhostWriter campaign. Researchers look at the cozy, implausibly deniable relationship between Russia's security services and cyber gangs. A money-launderer gets eleven years. David Dufour from Webroot has straight talk about paying the ransom. Our guest is Jeff Williams from Contrast Security with a look at AppSec Observability. Congratulations to the SINET 16 winners. And we remember 9/11: has it already been twenty years? For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/175

Foojay community members discuss the modernization of Jakarta EE applications from the older Java EE form, including backwards-compatibility, as well as forwards-excitement about cool new developments like Microprofile.Guests:Rudy De Busscher, product manager of Payara and EE contributor.Josh Juneau, consultant and author of Jakarta EE Recipes.Ivar Grimstad, Jakarta EE Advocate for the Eclipse Foundation.Erik Costlow, Developer Relations for Contrast Security to secure Java/Jakarta EE applications.

Foojay community members and beyond discuss embedded Java:James Gosling, creator of Java and embedded enthusiast. Distinguished engineer of AWS GreenGrass and former Liquid Robotics, an autonomous ocean vehicle powered by water.Frank Delporte, engineer with Toadi, an autonomous lawn-mowing robot (no wires) and Pi4J contributor of Raspberry-pi based robots.Johan Vos, founder of Gluon, helping make fully cross-platform applications where a single JavaFX codebase runs natively on embedded, iOS, Android, PCs, and browsers.Erik Costlow, developer relations for Contrast Security, locating security flaws in backend systems. Developer of home fuel/gas sensors.Topics:Java in Education: Combining Java with Rasperry Pi and the Pi4J LibraryDiscussion topics including:How Java was used in the ocean and how it makes complex problems possible.The speed of garbage collectors versus the speed of shark attacks (GC wins).Quick prototypes with Raspberry Pi, scaling through AWS GreenGrass.

This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop- A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Finally, we wrap up the show with two micro interviews from RSAC featuring Deepika Gajaria of Tala Security and Scott Scheferman from Eclypsium!   Show Notes: https://securityweekly.com/esw234 Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://securityweekly.com/talasecurity to learn more about them! To learn more about ExtraHop, visit: https://securityweekly.com/extrahop   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234

This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop- A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m! Finally, we wrap up the show with two micro interviews from RSAC featuring Deepika Gajaria of Tala Security and Scott Scheferman from Eclypsium!   Show Notes: https://securityweekly.com/esw234 Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://securityweekly.com/talasecurity to learn more about them! To learn more about ExtraHop, visit: https://securityweekly.com/extrahop   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234

SolarWinds addresses a zero-day that was exploited in the wild. A watering hole campaign lures users of online gaming sites. Inauthentic accounts (now suspended) get a blue check mark. Trickbot is back, with new capabilities. The DarkSide hits fashion retailer Guess. Malek Ben Salem from Accenture on Remediation of Vulnerabilities using AI. Our guest is Jeff Williams from Contrast Security with a look at Application Security in Financial Services. And some updates on Kaseya, its customers, and the current state of REvil. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/133

Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS), the OWASP Top Ten and much more.  Without him and others we would not be doing this podcast today. Besides founding Contrast Security in 2014, he started Aspect Security in 2002. Jeff got his law degree at Georgetown University Law Center along with a computer science and psychology degree at the University of Virginia. In the early 1990's, he built high assurance systems for the U.S. Navy and taught the INFOSEC curriculum for the NSA during the good old days of the Orange Book - a trusted computer system evaluation criteria for the U.S. Department of Defense.We want to say thank you to Contrast Security for being one of our sponsors for the inaugural OWASP Pacific Northwest Application Security Conference 2021.Jeff's LinksContrast SecurityLinkedInTwitterSecurity Maganize Article - New NIST Standards on IAST and RASP Deliver State-of-the-Art AppSecWebGoatASVSBlackHat USA - Enterprise Java Rootkits - "Hardly anyone watches the developers"PNWSEChttps://pnwcon.comTwitter: @pnwsecconpnwseccon@gmail.com (contact)Jeff Williams was interviewed by David Quisenberry and John L. Whiteman.Follow us:HomepageTwitterMeetupLinkedInYouTubeSupport the show (https://owasp.org/supporters/)

We talk all things security with Jeff Williams, co-founder of OWASP and CTO and co-founder of Contrast Security. Williams talks about what went wrong with SolarWinds last year, how President Biden's administration is looking to address the ongoing cybersecurity issue, and Contrast's latest open-source security report. 

The volume of software code being written by companies for new and existing software applications is exploding today—and growing even more due to Covid-19. Many enterprises are speeding up digital-transformation efforts that were in the works before the pandemic, owing to the need to move more services online, improve online products for customers and connect a workforce that is, in many instances, still toiling at home. But there’s a downside here that companies must manage, too: all the security risks that come with rapid application development. Enter Contrast Security*. The Los Altos, Calif. firm specializes in baking security into application development and extending it all the way through to production—in industry lingo, “DevSecOps”—which helps companies digitize more quickly and securely. In a recent interview with Powered by Battery, Contrast’s CEO, Alan Naumann, talks through the company’s mission as well as the special challenges, and opportunities, he’s faced as a leader this year. Have a listen. The information provided in this podcast is solely intended for the use of entrepreneurs, corporate CEOs and founders regarding Battery Ventures’ potential financing capabilities for prospective portfolio companies. The information is current as of the date it was published. The contents are not intended to be used in the investment decision making process related to any product or fund managed by Battery Ventures. Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. *Contrast Security is a Battery portfolio company. Investments identified above are for illustrative purposes only. No assumptions should be made that any investments identified above were or will be profitable. It should not be assumed that recommendations in the future will be profitable or equal the performance of the companies identified above. For more information about Battery Ventures’ potential financing capabilities for prospective portfolio companies, please refer to our website. For a complete list of portfolio companies, please go to: https://www.battery.com/our-companies/list/ Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this podcast nor notify its audience in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.

In this episode of the DEVOPS 2020 recordings, Jeff Williams, Co-founder & Chief Technology Officer at Contrast Security will show how you can ensure software security from the “inside out” by leveraging the power of software instrumentation. Jeff will show how software security instrumentation works, how it’s being used in many organizations, and what the future holds for DevSecOps. All DEVOPS2020 event videos: https://hubs.ly/H0rnJgj0

An airhacks.fm conversation with Erik Costlow (@costlow) about: the superold 486, DOS bootdisks, the difference between information systems and computer science, writing webapps and dining ordering scheduling with PHP, the trouble to start with Java 1.5 in 2004, type annotations in Java - JSR-308 annotations on Java types, writing servlets on Apache Tomcat at formsite.com, starting at fortify, joining Oracle Java Platform Group, 2 years of Java without a zero day exploit, starting at contrastsecurity.com, Contrast Security is the Duke Choice Awards winner, no secret plans at Oracle, deleting code with Quarkus migration, well spending security efforts by focusing on relevant APIs, using the Java instrumentation API to observe what is actually used, security scanners are similar to profilers, simplifying code with Panache and Quarkus, integrating a security framework as Quarkus extension, the battle of Thermopylae, the difference between MicroProfile and Jakarta EE, MicroProfile Platform is great for conserving developer skills, Quarkus is an optimized version of Java EE, pushing Quarkus to AWS lambda, Erik Costlow on twitter: @costlow and contrastsecurity.com

In this week's episode we talked to Jeff Williams, the cofounder and CTO of Contrast Security and the cofounder of OWASP, about the updated cybersecurity framework from the National Institute of Standards and T echnology.

Contrast Security has released the first "Route Intelligence" functionality in the latest version of their next generation security platform. https://www.contrastsecurity.com/contrast-news In this DevOps Chat we speak with Contrast's CTO/co-founder, Jeff Williams, about what route intelligence is and why you should have a look at it. Contrast continues to set the bar in DevSecOps, pushing beyond vulnerability scanning to enable more security software.

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by EY.  Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 10 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.  https://www.linkedin.com/in/planetlevel/ @planetlevel  

So much happening on shifting security left, but what about shift right? Jeff Williams, CTO of Contrast Security gives us a great update on the state of DevSecOps, shift left, shift right and appsec, as well as DataOps. Jeff is one of the sharpest people in the cyberworld, so this is worth your time to hear what he is thinking.

In episode 15 of EnterpriseReady, Grant is joined by Jeff Williams, Co-Founder and CTO of Contrast Security. The two discuss the vast quantity of competing AppSec standards, the creation of the OWASP Top 10, and the future of application security.

In episode 15 of EnterpriseReady, Grant is joined by Jeff Williams, Co-Founder and CTO of Contrast Security. The two discuss the vast quantity of competing AppSec standards, the creation of the OWASP Top 10, and the future of application security. The post Ep. #15, Self-Protecting Software with Jeff Williams of Contrast Security appeared first on Heavybit.

In episode 15 of EnterpriseReady, Grant is joined by Jeff Williams, Co-Founder and CTO of Contrast Security. The two discuss the vast quantity of competing AppSec standards, the creation of the OWASP Top 10, and the future of application security. The post Ep. #15, Self-Protecting Software with Jeff Williams of Contrast Security appeared first on Heavybit.

In episode 15 of EnterpriseReady, Grant is joined by Jeff Williams, Co-Founder and CTO of Contrast Security. The two discuss the vast quantity of competing AppSec standards, the creation of the OWASP Top 10, and the future of application security.

Seth and Ken discuss Edge Side Include Injection. Subsequently joined by David Lindner (@golfhackerdave), the current head of AppSec at Contrast Security. David talks all about RASP, mobile and IoT security plus talk a little bit about appsec program building.

Seth and Ken discuss Edge Side Include Injection. Subsequently joined by David Lindner (@golfhackerdave), the current head of AppSec at Contrast Security. David talks all about RASP, mobile and IoT security plus talk a little bit about appsec program building.

The modern software supply chain contains many different points of distribution: JavaScript frameworks, npm modules, Docker containers, open source repositories, cloud providers, on-prem firmware, IoT, networking proxies, and so much more. With so much attack surface, securing a large enterprise is an uphill battle. Jeff Williams is the CTO at Contrast Security, a company that The post Security Monitoring with Jeff Williams appeared first on Software Engineering Daily.

I have known of Jeff Williams in the security industry for more than several years. He is a well respected thought leader in AppSec and OWASP. I finally got a chance to catch up with Jeff and talk with him about Contrast Security the company he co-founded and how it is helping.

It's a scary world out there. Threats to your software and applications seemingly lurk around every corner. So what's a development team to do? In this episode of Pivotal Insights, Surag Patel, chief security officer at Contrast Security, joins Jeff and Dormain talk about integrating security into the software development process. Find out how shifting security left results in faster releases, lower costs, and more secure software.

It's a scary world out there. Threats to your software and applications seemingly lurk around every corner. So what's a development team to do? In this episode of Pivotal Insights, Surag Patel, chief security officer at Contrast Security, joins Jeff and Dormain talk about integrating security into the software development process. Find out how shifting security left results in faster releases, lower costs, and more secure software.

As technology continues to make massive leaps and bounds, have you considered the future of your inside sales strategy? How can your sales team stay on the cutting edge by embracing technology like video and AI? On this episode of #SellingWithSocial, you’ll hear from sales and software expert Lori Harmon. Lori is a high-tech sales executive, author of the book “42 Rules for Building a High Velocity Inside Sales Team,” and a sales acceleration expert. Currently, Lori is the Vice President of Global Inside Sales for BlackBerry’s mobile security software division. Prior to Blackberry, Lori was Vice President of Sales at Contrast Security. Prior to Contrast, Lori held a number of executive sales leadership positions at high tech companies such as VeriSign, Melbourne IT, Interwoven, Brio Software, and Network General. Make sure you listen to this episode as Lori shares her wealth of wisdom and experience to help leaders like you remain competitive in the marketplace! This podcast is being brought to you by STAR - The Sales Team Alpine Retreat: A Frost & Sullivan Executive MindXchange taking place this February 7-9, 2018 in Lake Tahoe, Nevada. AI and adapting to new technology. What steps are you taking right now to ensure that your company stays competitive in a rapidly changing marketplace? Have you considered adopting new technology to keep your inside sales team on at the top of their game? On this episode of #SellingWithSocial, Lori and I discuss the use of video in sales, why inside sales teams should be embracing new technology, and what the future may hold with AI and other innovations. Did you know that Harvard Business Review conducted a study that found that companies that use AI have experienced a 50% increase in sales leads? Does that sound like something your sales team would like to get in on? Make sure to listen to this episode to hear more great insights and lessons from Lori! Why you should leverage the use of video every chance you get. How has your sales team embraced digital outreach? What steps are you taking to lead the way and utilize video every chance you get? On this episode of #SellingWithSocial, Lori and I talk about how we see video swiftly becoming a key tool for sales teams. Whether it's through personalized video messages you send to clients, or through the use of video conversations to help your clients connect a face to the person they are doing business with, the use of video is becoming a vital component. So what are you waiting for? Find out how the use of video can put your team ahead of the competition. Learn more by listening to this episode featuring Lori! How AI can impact the buyer side of the sales equation. With the rise of new and exciting technology like AI, many wonder if salespeople will soon be replaced with bots. Is that something you are worried about? Will automation and artificial intelligence really eliminate the need of buying from an actual person? On this episode of #SellingWithSocial, Lori describes why she see new technologies as amazing tools that will help inside sales teams do their jobs better but won’t replace them all together. Let’s face it, automation is here and there is not putting the genie back in its bottle. Salespeople don’t need to be afraid of technologies if they learn how to leverage the skillsets that AI and other techs can’t replicate. Lori encourages sales leaders to focus on their abilities like building relationships, adapting to new trends and information, and using their creativity and problem solving to help clients with their unique needs. What else can you learn from Lori’s unique perspective? Find out on this episode! This podcast is being brought to you by STAR - The Sales Team Alpine Retreat: A Frost & Sullivan Executive MindXchange taking place this February 7-9, 2018 in Lake Tahoe, Nevada. What inside sales teams should stop doing if they want to succeed. As a sales leader, you want your sales teams to do everything they can to get an advantage over the competition. If you want your team to stand out, you’ve got to be brave enough to reject the unproductive industry trends that everyone is adopting. One example of these unproductive trends is the practice of sending impersonal emails, voicemails, and other communications. This goes against the “conventional wisdom” in the sales community but if you and your team take the time to make sure that the messages you send to lead and clients are personal and well researched, that will make you stand out from your competitors. Don’t miss this episode of #SellingWithSocial as Lori shares more helpful lessons from her years of experience! Outline of This Episode [1:10] I introduce my guest, Lori Harmon. [2:15] Lori give a snapshot of her background. [7:30] Lori shares three of her rules for building a high velocity inside sales team. [9:00] How do you determine if an inside sales model is the right fit for your business? [12:30] What is the role of technology and specifically, video in inside sales? [17:00] Lori talks about AI and its use in inside sales. [25:30] How can using AI help with coaching and sales leadership? [31:00] How will AI impact the buyer side of the equation? [35:00] Can AI help create a personalized experience for sales leaders? [37:30] What do inside sales teams need to stop doing in order to succeed? Resources Mentioned Lori’s book, 42 Rules for Building a High-Velocity Inside Sales Team www.twitter.com/loriharmon https://www.linkedin.com/in/lorilharmon/ OneMob SalesForce Neil Rackham Gone with the Wind Connect with Mario! www.vengreso.com On Facebook On Twitter On YouTube On LinkedIn Subscribe to Selling With Social Apple Podcasts | Stitcher | Google Play

Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more startup news! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more startup news! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60Visit https://www.securityweekly.com/ssw for all the latest episodes!

Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60Visit https://www.securityweekly.com/ssw for all the latest episodes!

My guest this week is Jeff Williams, co-founder and Chief Technology Officer at Contrast Security. The reason that I wanted Jeff on the program is that his technology was massively interesting to me, given that application attacks are the single biggest vector for security breaches. In 2017 There will be 111 billion new lines of code produced resulting in endless complexity. His product was an Innovation Sandbox Finalist at RSA this year. So I wanted to understand more. I have tried to integrate application level firewalls and experienced working through real & hard human challenges of coders and network security people trying to defend and deploy at the same time I wanted to understand his technology better AND because iterative application development is going to be even more important for companies for their security to move at the pace of the business innovation and applications development and testing becoming more and more iterative and agile. So how do we do this? Major Take-Aways From This Episode: Planes, Cars, for example, are instrumented to security events via a dashboard and panel Instrument your software and turn it into self protecting software (like an internal robot helper) … always-on protection of an entire application portfolio Weave sensors into your application without disruptive scanning or expensive security experts Continuous Application Security at Scale & the Future of Dev Sec Ops Named a "Visionary" by Gartner The only "Transformational" tool in the entire category in the latest Gartner Hype Cycle Report. About Jeff Williams Jeff is co-founder and CTO of Contrast Security. He’s been working in application security for over 20 years and has found thousands of serious vulnerabilities in critical applications in hundreds of leading companies. He's extremely active in both open source and security communities and helped start OWASP where he created many open source tools and projects. Jeff pioneered the use of software instrumentation for application security and founded Contrast Security to bring this revolutionary technology to market. Jeff has spoken at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, and OWASP.  Jeff has degrees from UVA, George Mason, and Georgetown University Law Center. Read full transcript here. How to get in touch with Jeff Williams LinkedIn Twitter Key Resources: Website: contrastsecurity.com Innovation Sandbox Contest Finalist - Contrast Security Selected As Finalist For RSA Conference Innovation Sandbox Contest 2017, The Street Download Continuous Application Security Handbook RSA 2017 Presentation Overview Interviews: Bizety Hacked Opinions: The Legalities of Hacking – Jeff Williams, CSO Online This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes. Credits: * Outro music provided by Ben’s Sound Other Ways To Listen to the Podcast iTunes | Libsyn | Soundcloud | RSS | LinkedIn Leave a Review If you enjoyed this episode, then please consider leaving an iTunes review here Click here for instructions on how to leave an iTunes review if you're doing this for the first time. About Bill Murphy Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.