Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
520
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
560
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
810
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
600
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
2025-12-27 Claude CodeでPRレビュー対応を効率化する@機械学習社会実装勉強会第54回
nakamasato
4
1.2k
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
tomoaki25
6
2.5k
株式会社ビザスク_AI__Engineering_Summit_Tokyo_2025_登壇資料.pdf
eikohashiba
1
120
Authlete で実装する MCP OAuth 認可サーバー #CIMD の実装を添えて
watahani
0
200
Kiro を用いたペアプロのススメ
taikis
4
1.9k
100以上の新規コネクタ提供を可能にしたアーキテクチャ
ooyukioo
0
270
日本Rubyの会: これまでとこれから
snoozer05
PRO
6
250
M&Aで拡大し続けるGENDAのデータ活用を促すためのDatabricks権限管理 / AEON TECH HUB #22
genda
0
280
なぜ あなたはそんなに re:Invent に行くのか?
miu_crescent
PRO
0
220
AI駆動開発の実践とその未来
eltociear
2
500
MySQLとPostgreSQLのコレーション / Collation of MySQL and PostgreSQL
tmtms
1
1.3k
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
takanorig
5
2.2k
Featured
See All Featured
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
0
3.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Heart Work Chapter 1 - Part 1
lfama
PRO
3
35k
Documentation Writing (for coders)
carmenintech
77
5.2k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.7k
Building Applications with DynamoDB
mza
96
6.9k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
130
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
0
100
More Than Pixels: Becoming A User Experience Designer
marktimemedia
2
260
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
9.2k
Chasing Engaging Ingredients in Design
codingconduct
0
89
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
nakamasato
tomoaki25
eikohashiba
watahani
taikis
ooyukioo
snoozer05
genda
miu_crescent
eltociear
tmtms
takanorig
katarinadahlin
destraynor
lfama
carmenintech
jnunemaker
mza
frankvandijk
aleyda
nikkihalliwell
marktimemedia
codingconduct
