Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Application Intrusion Detection

A397cb38965ab9f310e7148b8c3d1105?s=47 Kim Carter
July 03, 2021
Technology
0
25

Application Intrusion Detection

A397cb38965ab9f310e7148b8c3d1105?s=128

Kim Carter

July 03, 2021
Tweet

More Decks by Kim Carter

See All by Kim Carter
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
0
140
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
1
4.1k
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
0
290
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
2
670
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
1
700
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
1
430
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
0
89
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
1
160
A397cb38965ab9f310e7148b8c3d1105?s=48 binarymist
2
1k

Other Decks in Technology

See All in Technology
8f84b7d8869ef6005d89b378e8661f7c?s=48 masuda220
9
1k
B84123138372542a55401c92b170b528?s=48 hassaku63
1
900
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
1
150
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
0
320
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
PRO
0
150
79b0777f41898e4c9d75d9839d4cb476?s=48 1stship
2
190
Be0f86176276318b4b9775d795278f7e?s=48 yushiku
5
1.3k
A500dfe11c36aa2912eaf33176fe129f?s=48 oyakata2438
0
410
90caae78f13427afa0a87930f3ba3ce8?s=48 mineo_matsuya
1
530
10c17b2a6e7687c9b039c5c8f9958495?s=48 missasan
2
820
6f455f3ddfaa8a1c3a8a03ecd5d73d4f?s=48 hirakichi
0
130
39725b03c49f80250c831cbd33e3187d?s=48 tsutomun19851222
0
130

Featured

See All Featured
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
504
37k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
209
7.1k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
194
8.8k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
55
3k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
24
4k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
218
16k
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
660
54k
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
32
1.1k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
55
2k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
104
11k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1352
200k

Transcript

  1. COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people

    want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection) 

  2. APPLICATION INTRUSION DETECTION 

  3. HIDS, NIDS, AIDS? 

  4. 1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks

    that Solution Causes 5. Costs and Trade-offs 

  5. 1. SSM Asset Identification 

  6. 2. SSM Identify Risks 

  7. Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered

    in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention 

  8. 3. SSM Countermeasures 

  9. Lack of Visibility ... Detection works where prevention fails and

    detection is of no use without response Bruce Schneier 

  10. Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient

    Monitoring A10 Kim's book 

  11. WAF App Intrusion Detection & Response Active Automated Prevention Insufficient

    Attack Protection 

  12. App Intrusion Detection->Prevention is reactive 

  13. By being proactive -> SAST, DAST 

  14. It's been 8 years now in alpha and releases being

    published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel 