Session
I Still See Your AppSec Contractual Sins
Back in 2018, I presented at CodeBlue the first edition of my talk "The Decalogue of Contractual Security Sins", dealing with the most common pitfalls of integrating (or failing to integrate) the right security clauses in our commercial IT contracts.
Since then, things have improved in our industry, but we still have some ways to go. In this new talk, I focus specifically on the Application Security domain, and on how to use familiar techniques - such as Threat Modelling - to design AppSec-relevant security clauses.
Furthermore, the plan is to launch a new OWASP project which will provide tooling and content templates for creating AppSec contractual clauses tailored for specific needs and for specific types of applications and contracts. CodeBlue would then be the "public launch" of this new OWASP project.

Sebastian Avarvarei
Information Security Manager for EMEA at Canon
The Hague, The Netherlands