Application Intrusion Detection

July 03, 2021

480

Application Intrusion Detection

Kim Carter

July 03, 2021

Tweet

More Decks by Kim Carter

See All by Kim Carter

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

530

Security Regression Testing on OWASP Zap Node API

1

9.9k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

180

Infectious Media with Rubber Ducky

1

570

0wn1ng The Web at www.wdcnz.com

2

1.8k

Other Decks in Technology

See All in Technology

american aa airlines®️ USA Contact Numbers: Complete 2025 Support Guide

0

500

Transformerを用いたアイテム間の相互影響を考慮したレコメンドリスト生成

recruitengineers

2

430

Amplify Gen2から知るAWS CDK Toolkit Libraryの使い方/How to use the AWS CDK Toolkit Library as known from Amplify Gen2

1

350

60以上のプロダクトを持つ組織における開発者体験向上への取り組み - チームAPIとBackstageで構築する組織の可視化基盤 - / sre next 2025 Efforts to Improve Developer Experience in an Organization with Over 60 Products

3

1.9k

AI時代にも変わらぬ価値を発揮したい: インフラ・クラウドを切り口にユーザー価値と非機能要件に向き合ってエンジニアとしての地力を培う

0

130

組織内、組織間の資産保護に必要なアイデンティティ基盤と関連技術の最新動向

0

270

QuickSight SPICE の効果的な運用戦略～S3 + Athena 構成での実践ノウハウ～/quicksight-spice-s3-athena-best-practices

0

290

SREの次のキャリアの道しるべ〜SREがマネジメントレイヤーに挑戦して、気づいたこととTips〜

coconala_engineer

1

4.3k

AIエージェントが書くのなら直接CloudFormationを書かせればいいじゃないですか何故AWS CDKを使う必要があるのさ

18

7.6k

ビジネス職が分析も担う事業部制組織でのデータ活用の仕組みづくり / Enabling Data Analytics in Business-Led Divisional Organizations

1

390

Introduction to Bill One Development Engineer

0

260

Introduction to Sansan for Engineers / エンジニア向け会社紹介

5

39k

Featured

See All Featured

Embracing the Ebb and Flow

86

4.8k

ReactJS: Keep Simple. Everything can be a component!

667

120k

The Psychology of Web Performance [Beyond Tellerrand 2023]

48

2.9k

Art, The Web, and Tiny UX

299

21k

Put a Button on it: Removing Barriers to Going Fast.

60

3.9k

ピンチをチャンスに：未来をつくるプロダクトロードマップ #pmconf2020

126

53k

How STYLIGHT went responsive

100

5.6k

Designing Dashboards & Data Visualisations in Web Apps

231

53k

Stop Working from a Prison Cell

271

21k

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

138

34k

Unsuck your backbone

671

58k

Documentation Writing (for coders)

72

4.9k

Transcript

COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection) 
APPLICATION INTRUSION DETECTION 
HIDS, NIDS, AIDS? 
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs 
1. SSM Asset Identification 
2. SSM Identify Risks 
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention 
3. SSM Countermeasures 
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier 
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book 
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection 
App Intrusion Detection->Prevention is reactive 
By being proactive -> SAST, DAST 
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel 