Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Kim Carter
July 03, 2021
Technology
550
0
Share
Application Intrusion Detection
Kim Carter
July 03, 2021
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
590
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
840
OWASP NZ Day 2016
binarymist
0
210
Infectious Media with Rubber Ducky
binarymist
1
630
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
M5Stack CoreS3とZephyr(RTOS)で Edge AIっぽいことしてみた
iotengineer22
0
400
COBOL婆さんの伝説
poropinai1966
0
130
ボトムアップの改善の火を灯し続けろ!〜支援現場で学んだ、消えないための3つの打ち手〜 / 20260509 Kazuki Mori
shift_evolve
PRO
1
250
AI와 협업하는 조직으로의 여정
arawn
0
570
「誰一人取り残されない」 AIエージェント時代のプロダクト設計思想 Product Management Summit 2026
mizushimac
1
2.4k
データ定義の混乱と戦う 〜 管理会計と財務会計 〜
wonohe
0
170
The 7 pitfalls of AI
ufried
0
160
「QA=テスト」「シフトレフト=スクラムイベントの参加者の一員」の呪縛を解く。アジャイルな開発を止めないために、10Xで挑んだ「右側のしわ寄せ」解消記 #scrumniigata
nihonbuson
PRO
1
240
コードや知識を組み込む / Incorporate Code and Knowledge
ks91
PRO
0
190
Digital Independence: Why, When and How
wannesrams
0
210
MySQL 9.7がやってきた ~これまでのあらすじと基本情報~ @ 日本MySQLユーザ会会2026年04月 / mysql97-yattekita
sakaik
0
150
AI時代 に増える データ活用先
takahal
0
350
Featured
See All Featured
Scaling GitHub
holman
464
140k
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.8k
Designing for humans not robots
tammielis
254
26k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
500
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.7k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
380
Abbi's Birthday
coloredviolet
2
7.3k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
280
Practical Orchestrator
shlominoach
191
11k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
SiteGround - Reliable hosting with speed, security, and support you can count on.
binarymist
iotengineer22
poropinai1966
shift_evolve
arawn
mizushimac
wonohe
ufried
nihonbuson
ks91
wannesrams
sakaik
takahal
holman
jeffersonlam
bcantrill
tammielis
chikuwait
inesmontani
mfonobong
coloredviolet
szymonslowik
shlominoach
eileencodes
chriscoyier
