COMMUNITY TOPICS
Welcome
InfoSecNZ Slack, OWASP Slack
Anything else people want to mention?
Tonight's talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification
2. Identify Risks
3. Countermeasures
4. Risks that Solution Causes
5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility
Insufficient Logging (->) & Monitoring (<-)
Covered in for OWASP Top 10
Insufficient Attack Protection
Book -> Holistic Info-Sec for Web Developers
No. 10
Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ...
Detection works where prevention fails and detection is of no use without response
Bruce Schneier
Lack of Visibility
OWASP Top 10 - Insufficient Logging
Insufficient Monitoring
A10
Kim's book
WAF
App Intrusion Detection & Response
Active Automated Prevention
Insufficient Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years
now in alpha and releases being published regularly
purpleteam
It's time to let someone else take over
Pete Nicholls is taking over from me
Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel