Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Kim Carter
July 03, 2021
Technology
0
530
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
570
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
820
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
610
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
170
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
kworkdev
PRO
1
400
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
67k
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
プロダクト成長を支える開発基盤とスケールに伴う課題
yuu26
4
1.3k
データの整合性を保ちたいだけなんだ
shoheimitani
8
2.9k
Mosaic AI Gatewayでコーディングエージェントを配るための運用Tips / JEDAI 2026 新春 Meetup! AIコーディング特集
genda
0
150
あたらしい上流工程の形。 0日導入からはじめるAI駆動PM
kumaiu
5
760
Kiro IDEのドキュメントを全部読んだので地味だけどちょっと嬉しい機能を紹介する
khmoryz
0
160
2026年はチャンキングを極める!
shibuiwilliam
9
1.9k
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
1k
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
torumakabe
1
340
Featured
See All Featured
Tell your own story through comics
letsgokoyo
1
800
The SEO identity crisis: Don't let AI make you average
varn
0
64
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
56
50k
We Have a Design System, Now What?
morganepeng
54
8k
How Software Deployment tools have changed in the past 20 years
geshan
0
32k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Six Lessons from altMBA
skipperchong
29
4.1k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.8k
Color Theory Basics | Prateek | Gurzu
gurzu
0
190
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
andrzejkrzywda
kworkdev
sansan33
fullkaiten
yuu26
shoheimitani
genda
kumaiu
khmoryz
shibuiwilliam
torumakabe
letsgokoyo
varn
morganepeng
aki_iinuma
raygrieselhuber
madoxten
geshan
sugarenia
skipperchong
reverentgeek
gurzu
