Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
560
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Application Intrusion Detection
Kim Carter
July 03, 2021
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
590
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
860
OWASP NZ Day 2016
binarymist
0
210
Infectious Media with Rubber Ducky
binarymist
1
640
0wn1ng The Web at www.wdcnz.com
binarymist
2
2k
Other Decks in Technology
See All in Technology
AIっぽい文章を採点して人間らしく直すアプリを作ってみた
yama3133
2
150
作って終わりにしない タイミーのセマンティックレイヤー育成の現在地
chanyou0311
4
2.3k
フロンティアAIのゲート化と地政学リスク
nagatsu
0
130
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
personabb
1
310
10倍の生産性を実現するAI駆動並列エージェントのすべて
kumaiu
5
1.4k
20260619 私の日常業務での生成 AI 活用
masaruogura
1
190
Bedrock AgentCore RuntimeでAuth0 Changelog調査AIをアップグレードした話
t5u8a5a
1
120
MCP Appsを作ってみよう
iwamot
PRO
4
600
EventBridge Connection
_kensh
5
710
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
edeandrea
PRO
1
150
日本 Fintech 未来予測レポート 2027〜2028年(手動編集版)
8maki
0
2.2k
protovalidate-es を導入してみた
bengo4com
0
180
Featured
See All Featured
Navigating Team Friction
lara
192
16k
Leo the Paperboy
mayatellez
7
1.8k
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
reverentgeek
1
470
Are puppies a ranking factor?
jonoalderson
1
3.5k
From π to Pie charts
rasagy
0
210
Become a Pro
speakerdeck
PRO
31
6k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.9k
Into the Great Unknown - MozCon
thekraken
41
2.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.7k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.2k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
yama3133
chanyou0311
nagatsu
personabb
kumaiu
masaruogura
t5u8a5a
iwamot
_kensh
edeandrea
8maki
bengo4com
lara
mayatellez
reverentgeek
jonoalderson
rasagy
speakerdeck
maggiecrowley
bluesmoon
thekraken
philnash
samanthasiow
addyosmani
