Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
510
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
550
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
800
OWASP NZ Day 2016
binarymist
0
190
Infectious Media with Rubber Ducky
binarymist
1
590
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
改竄して学ぶコンテナサプライチェーンセキュリティ ~コンテナイメージの完全性を目指して~/tampering-container-supplychain-security
mochizuki875
1
190
Amazon ECS デプロイツール ecspresso の開発を支える「正しい抽象化」の探求 / YAPC::Fukuoka 2025
fujiwara3
12
3.2k
Flutterコントリビューションのススメ
d_r_1009
1
400
はじめての OSS コントリビューション 〜小さな PR が世界を変える〜
chiroito
4
320
明日から真似してOk!NOT A HOTELで実践している入社手続きの自動化
nkajihara
1
710
旧から新へ: 大規模ウェブクローラの Perl から Go への移行 / YAPC::Fukuoka 2025
motemen
3
900
探求の技術
azukiazusa1
7
2.2k
マイクロリブート ~ACEマインドセットで実現するアジャイル~
sony
1
370
データとAIで未来を創るDatabricks - 君の可能性を加速させるプラットフォーム
taka_aki
0
110
プログラミング言語を書く前に日本語を書く── AI 時代に求められる「言葉で考える」力/登壇資料(井田 献一朗)
hacobu
PRO
0
160
自己的售票系統自己做!
eddie
0
450
Claude Code 10連ガチャ
uhyo
3
690
Featured
See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
How to train your dragon (web standard)
notwaldorf
97
6.4k
Statistics for Hackers
jakevdp
799
220k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.5k
Site-Speed That Sticks
csswizardry
13
960
Git: the NoSQL Database
bkeepers
PRO
432
66k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
658
61k
How GitHub (no longer) Works
holman
315
140k
It's Worth the Effort
3n
187
28k
Agile that works and the tools we love
rasmusluckow
331
21k
Gamification - CAS2011
davidbonilla
81
5.5k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
mochizuki875
fujiwara3
d_r_1009
chiroito
nkajihara
motemen
azukiazusa1
sony
taka_aki
hacobu
eddie
uhyo
mongodb
notwaldorf
jakevdp
keavy
jcasabona
csswizardry
bkeepers
lemiorhan
holman
3n
rasmusluckow
davidbonilla
