
Application Intrusion Detection

Kim Carter

July 03, 2021

Transcript

  1. COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people want to mention? Tonight's talk (Chris - Incident Response), (Me - Application Intrusion Detection)
  2. APPLICATION INTRUSION DETECTION 

  3. HIDS, NIDS, AIDS? 

  4. 1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks that Solution Causes 5. Costs and Trade-offs
  5. 1. SSM Asset Identification 

  6. 2. SSM Identify Risks 

  7. Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
  8. 3. SSM Countermeasures 

  9. Lack of Visibility ... Detection works where prevention fails and detection is of no use without response Bruce Schneier
  10. Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient Monitoring A10 Kim's book
  11. WAF App Intrusion Detection & Response Active Automated Prevention Insufficient Attack Protection
  12. App Intrusion Detection->Prevention is reactive 

  13. By being proactive -> SAST, DAST 

  14. It's been 8 years now in alpha and releases being published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel