$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
520
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
560
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
810
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
600
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
エンジニアリングマネージャー はじめての目標設定と評価
halkt
0
200
AI/MLのマルチテナント基盤を支えるコンテナ技術
pfn
PRO
5
780
Security Diaries of an Open Source IAM
ahus1
0
120
“決まらない”NSM設計への処方箋 〜ビットキーにおける現実的な指標デザイン事例〜 / A Prescription for "Stuck" NSM Design: Bitkey’s Practical Case Study
bitkey
PRO
1
480
pmconf2025 - データを活用し「価値」へ繋げる
glorypulse
0
610
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
yusukeshimizu
3
240
AI 時代のデータ戦略
na0
8
3.4k
日本Rubyの会の構造と実行とあと何か / hokurikurk01
takahashim
4
790
【CEDEC+KYUSHU2025】学生・若手必見!テクニカルアーティスト 大全 ~仕事・スキル・キャリアパス、TAの「わからない」を徹底解剖~
cygames
PRO
0
110
Claude Code Getting Started Guide(en)
oikon48
0
160
Bakuraku Engineering Team Deck
layerx
PRO
12
6.4k
AI駆動開発によるDDDの実践
dip_tech
PRO
0
360
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Understanding Cognitive Biases in Performance Measurement
bluesmoon
31
2.7k
What's in a price? How to price your products and services
michaelherold
246
12k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.6k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Producing Creativity
orderedlist
PRO
348
40k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.1k
Speed Design
sergeychernyshev
33
1.4k
Building Applications with DynamoDB
mza
96
6.8k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
halkt
pfn
ahus1
bitkey
glorypulse
yusukeshimizu
na0
takahashim
cygames
oikon48
layerx
dip_tech
scottboms
sugarenia
bluesmoon
michaelherold
marktimemedia
wjessup
chriscoyier
orderedlist
jeffersonlam
dougneiner
sergeychernyshev
mza
