Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
430
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
480
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.5k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.2k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
750
OWASP NZ Day 2016
binarymist
0
150
Infectious Media with Rubber Ducky
binarymist
1
510
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.7k
Other Decks in Technology
See All in Technology
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
160
【re:Invent 2024 アプデ】 Prompt Routing の紹介
champ
0
140
ブラックフライデーで購入したPixel9で、Gemini Nanoを動かしてみた
marchin1989
1
510
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
120
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
180
なぜCodeceptJSを選んだか
goataka
0
150
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
520
継続的にアウトカムを生み出し ビジネスにつなげる、 戦略と運営に対するタイミーのQUEST(探求)
zigorou
0
500
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
150
OpenAIの蒸留機能(Model Distillation)を使用して運用中のLLMのコストを削減する取り組み
pharma_x_tech
4
540
Wantedly での Datadog 活用事例
bgpat
1
400
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Building Better People: How to give real-time feedback that sticks.
wjessup
365
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
28
2.1k
Building an army of robots
kneath
302
44k
4 Signs Your Business is Dying
shpigford
181
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
BBQ
matthewcrist
85
9.4k
Building Adaptive Systems
keathley
38
2.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
95
17k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
marsee101
champ
marchin1989
lycorptech_jp
shingo_kawahara
goataka
os1ma
zigorou
ishikawa_satoru
.png){kind=icon}
pharma_x_tech
bgpat
yeseniaperezcruz
wjessup
danielanewman
marktimemedia
kneath
shpigford
bluesmoon
matthewcrist
keathley
caitiem20
panda_program
thoeni
