Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Application Intrusion Detection

Kim Carter
July 03, 2021
Technology
0
290

Application Intrusion Detection

Kim Carter

July 03, 2021
Tweet

More Decks by Kim Carter

See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
310
Security Regression Testing on OWASP Zap Node API
binarymist
1
7.9k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
880
OWASP Quiz Night
binarymist
2
960
The Art of Exploitation
binarymist
1
900
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
590
OWASP NZ Day 2016
binarymist
0
110
Infectious Media with Rubber Ducky
binarymist
1
300
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.3k

Other Decks in Technology

See All in Technology
サーバーレス技術とDevSecOps: 安全かつ迅速なデプロイメントの新時代
gl_tsukasa
1
650
上流工程に挑戦!「俺の考えた最強サーバレス構成」が一瞬で敗北した件
kentosuzuki
2
140
ログから学ぶgo build
nasa_desu
1
340
Warningアラートを放置しない!アラート駆動でログやメトリックを自動収集する仕組みによる恩恵
mashiike
2
160
【IoT-Tech Meetup #5】WireGuardを動かす環境やハードウェア紹介
soracom
PRO
0
140
Dive Into The Cutting-edge LINE API Innovations
linedevth
1
370
TechNight#71 - Oracle Database 23c 新機能#1 JSON関連新機能
oracle4engineer
PRO
0
120
LLM×Cloud Runでオンライン薬局の既存オペレーションを自動化した話
pharma_x_tech
0
700
GraphQLはどんな時に使うか
saboyutaka
31
7.5k
LLMアプリケーションの安定性を高めるための精度評価・改善
nrryuya
3
1.1k
サーバーレスは死なぬ!みんなEDA(Event Driven Architecture)として使ってるでしょ?
cyberarchitect
5
2k
Fivetranでデータ移動を自動化する
hankehly
0
150

Featured

See All Featured
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.6k
Practical Orchestrator
shlominoach
179
9.3k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
30k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
56k
What the flash - Photography Introduction
edds
64
11k
Robots, Beer and Maslow
schacon
154
7.6k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
239
20k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
Scaling GitHub
holman
455
140k
How STYLIGHT went responsive
nonsquared
89
4.4k
KATA
mclloyd
13
11k

Transcript

  1. COMMUNITY TOPICS
    Welcome
    InfoSecNZ Slack, OWASP Slack
    Anything else people want to mention?
    Tonights talk (Chris - Incident Response), (Me -
    Application Intrusion Detection)

    View Slide

  2. APPLICATION
    INTRUSION
    DETECTION

    View Slide

  3. HIDS, NIDS, AIDS?

    View Slide

  4. 1. Asset Identification
    2. Identify Risks
    3. Countermeasures
    4. Risks that Solution Causes
    5. Costs and Trade-offs

    View Slide

  5. 1. SSM Asset Identification

    View Slide

  6. 2. SSM Identify Risks

    View Slide

  7. Lack of Visibility
    Insufficient Logging (->) & Monitoring (<-)

    Covered in

    for OWASP Top 10
    Insufficient Attack Protection
    Book ->
    Holistic Info-Sec for Web Developers
    No. 10
    Lack of Active Automated Prevention

    View Slide

  8. 3. SSM Countermeasures

    View Slide

  9. Lack of Visibility ...
    Detection works where prevention fails and detection is
    of no use without response
    Bruce Schneier

    View Slide

  10. Lack of Visibility

    OWASP Top 10 -

    Insufficient Logging
    Insufficient Monitoring
    A10
    Kim's book

    View Slide

  11. WAF
    App Intrusion Detection & Response
    Active Automated Prevention
    Insufficient Attack Protection

    View Slide

  12. App Intrusion Detection->Prevention is reactive

    View Slide

  13. By being proactive -> SAST, DAST

    View Slide

  14. It's been 8 years
    now in alpha and releases being
    published regularly
    purpleteam
    It's time to let someone else take over
    Pete Nicholls is taking over from me
    Next Meetup Last Wed of Sep - Pete & Toni - Ask
    anything panel

    View Slide