Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
460
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
510
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
770
OWASP NZ Day 2016
binarymist
0
170
Infectious Media with Rubber Ducky
binarymist
1
550
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.8k
Other Decks in Technology
See All in Technology
出前館を支えるJavaとKotlin
demaecan
0
150
IVRyにおけるNLP活用と NLP2025の関連論文紹介
keisukeosone
0
140
近年の PyCon 情勢から見た PyCon APAC のまとめ
terapyon
0
270
SaaSプロダクト開発におけるバグの早期検出のためのAcceptance testの取り組み
kworkdev
PRO
0
570
ウェブアクセシビリティとは
lycorptech_jp
PRO
0
360
2025年春に見直したい、リソース最適化の基本
sogaoh
PRO
0
440
20250413_湘南kaggler会_音声認識で使うのってメルス・・・なんだっけ?
sugupoko
0
130
LINEギフトのLINEミニアプリアクセシビリティ改善事例
lycorptech_jp
PRO
0
340
OSSコントリビュートをphp-srcメンテナの立場から語る / OSS Contribute
sakitakamachi
0
890
はてなの開発20年史と DevOpsの歩み / DevOpsDays Tokyo 2025 Keynote
daiksy
2
560
7,000名規模の 人材サービス企業における プロダクト戦略・戦術と課題 / Product strategy, tactics and challenges for a 7,000-employee staffing company
techtekt
0
230
ペアプログラミングにQAが加わった!職能を超えたモブプログラミングの事例と学び
tonionagauzzi
1
160
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Mobile First: as difficult as doing things right
swwweet
223
9.6k
Designing for humans not robots
tammielis
252
25k
Docker and Python
trallard
44
3.3k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Statistics for Hackers
jakevdp
798
220k
RailsConf 2023
tenderlove
29
1k
Adopting Sorbet at Scale
ufuk
75
9.3k
The Pragmatic Product Professional
lauravandoore
33
6.5k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k
Why Our Code Smells
bkeepers
PRO
336
57k
Thoughts on Productivity
jonyablonski
69
4.6k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel