Session

I Still See Your AppSec Contractual Sins

Back in 2018, I presented at CodeBlue the first edition of my talk "The Decalogue of Contractual Security Sins", dealing with the most common pitfalls of integrating (or failing to integrate) the right security clauses in our commercial IT contracts.

Since then, things have improved in our industry, but we still have some way to go. In this new talk, I focus specifically on the Application Security domain, and on how to apply familiar techniques - such as Threat Modelling - to designing AppSec-relevant security clauses.

Furthermore, the plan is to launch a new OWASP project which will provide tooling and content templates for creating AppSec contractual clauses tailored for specific needs and for specific types of applications and contracts. CodeBlue would then be the "public launch" of this new OWASP project.

Sebastian Avarvarei

Information Security Manager for EMEA at Canon

The Hague, The Netherlands
