Application Intrusion Detection

Kim Carter

July 03, 2021

Transcript

  1. COMMUNITY TOPICS
    Welcome
    InfoSecNZ Slack, OWASP Slack
    Anything else people want to mention?
    Tonight's talk (Chris - Incident Response), (Me - Application Intrusion Detection)

  2. APPLICATION INTRUSION DETECTION

  3. HIDS, NIDS, AIDS?

  4. 1. Asset Identification
    2. Identify Risks
    3. Countermeasures
    4. Risks that Solution Causes
    5. Costs and Trade-offs

  5. 1. SSM Asset Identification

  6. 2. SSM Identify Risks

  7. Lack of Visibility
    Insufficient Logging (->) & Monitoring (<-)

    Covered in

    for OWASP Top 10
    Insufficient Attack Protection
    Book ->
    Holistic Info-Sec for Web Developers
    No. 10
    Lack of Active Automated Prevention

  8. 3. SSM Countermeasures

  9. Lack of Visibility ...
    Detection works where prevention fails and detection is
    of no use without response
    Bruce Schneier

  10. Lack of Visibility

    OWASP Top 10 -

    Insufficient Logging
    Insufficient Monitoring
    A10
    Kim's book

  11. WAF
    App Intrusion Detection & Response
    Active Automated Prevention
    Insufficient Attack Protection

  12. App Intrusion Detection->Prevention is reactive

  13. By being proactive -> SAST, DAST

  14. It's been 8 years
    now in alpha and releases being
    published regularly
    purpleteam
    It's time to let someone else take over
    Pete Nicholls is taking over from me
    Next Meetup Last Wed of Sep - Pete & Toni - Ask
    anything panel
