Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
520
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
560
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
810
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
600
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
WordPress は終わったのか ~今のWordPress の制作手法ってなにがあんねん?~ / Is WordPress Over? How We Build with WordPress Today
tbshiki
1
800
今年のデータ・ML系アップデートと気になるアプデのご紹介
nayuts
1
460
[CMU-DB-2025FALL] Apache Fluss - A Streaming Storage for Real-Time Lakehouse
jark
0
120
Microsoft Agent 365 についてゆっくりじっくり理解する!
skmkzyk
0
370
プロンプトやエージェントを自動的に作る方法
shibuiwilliam
12
10k
ExpoのインダストリーブースでみたAWSが見せる製造業の未来
hamadakoji
0
140
.NET 10の概要
tomokusaba
0
110
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
emiki
0
220
Lessons from Migrating to OpenSearch: Shard Design, Log Ingestion, and UI Decisions
sansantech
PRO
1
140
AWS Security Agentの紹介/introducing-aws-security-agent
tomoki10
0
300
チーリンについて
hirotomotaguchi
6
2k
Jakarta Agentic AI Specification - Status and Future
reza_rahman
0
110
Featured
See All Featured
Agile that works and the tools we love
rasmusluckow
331
21k
The Invisible Side of Design
smashingmag
302
51k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Into the Great Unknown - MozCon
thekraken
40
2.2k
Done Done
chrislema
186
16k
Building Applications with DynamoDB
mza
96
6.8k
Git: the NoSQL Database
bkeepers
PRO
432
66k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
970
Balancing Empowerment & Direction
lara
5
800
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
tbshiki
nayuts
jark
skmkzyk
shibuiwilliam
hamadakoji
tomokusaba
emiki
sansantech
tomoki10
hirotomotaguchi
reza_rahman
rasmusluckow
smashingmag
destraynor
keithpitt
thekraken
chrislema
mza
bkeepers
sugarenia
tammyeverts
lara
bermonpainter
