Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
530
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
570
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
820
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
610
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
大規模な組織におけるAI Agent活用の促進と課題
lycorptech_jp
PRO
4
6.3k
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
4
22k
AWS Bedrock Guardrails / 機密情報の入力・出力をブロックする — Blocking Sensitive Information Input/Output
kazuhitonakayama
2
180
dbt meetup #19 『dbtを『なんとなく動かす』を卒業します』
tiltmax3
0
120
【2026年版】生成AIによる情報システムへのインパクト
taka_aki
0
190
AIエンジニア Devin と歩む、自律型運用プロセスの構築
a2ito
0
200
AI時代のAPIファースト開発
nagix
2
640
Serverless Agent Architecture on Azure / serverless-agent-on-azure
miyake
1
100
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
43k
AIエージェントで変わる開発プロセス ― レビューボトルネックからの脱却
lycorptech_jp
PRO
2
760
What's new in Go 1.26?
ciarana
2
250
Data Hubグループ 紹介資料
sansan33
PRO
0
2.8k
Featured
See All Featured
A Guide to Academic Writing Using Generative AI - A Workshop
ks91
PRO
0
220
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Abbi's Birthday
coloredviolet
2
5k
Done Done
chrislema
186
16k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.4k
The SEO identity crisis: Don't let AI make you average
varn
0
400
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
250
Fireside Chat
paigeccino
41
3.8k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
450
The Spectacular Lies of Maps
axbom
PRO
1
570
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
lycorptech_jp
sansan33
kazuhitonakayama
tiltmax3
taka_aki
a2ito
nagix
miyake
safie_recruit
ciarana
ks91
mongodb
coloredviolet
chrislema
aleyda
dougneiner
varn
inesmontani
paigeccino
stephaniewalter
honzajavorek
axbom
