Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
530
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
580
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
820
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
610
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
visionOS 開発向けの MCP / Skills をつくり続けることで XR の探究と学習を最大化
karad
1
600
社内レビューは機能しているのか
matsuba
0
150
AWS CDK「読めるけど書けない」を脱却するファーストステップ
smt7174
3
180
CyberAgentの生成AI戦略 〜変わるものと変わらないもの〜
katayan
0
270
スクリプトの先へ!AIエージェントと組み合わせる モバイルE2Eテスト
error96num
0
180
"作る"から"使われる"へ:Backstage 活用の現在地
sbtechnight
0
190
AI駆動AI普及活動 ~ 社内AI活用の「何から始めれば?」をAIで突破する
oracle4engineer
PRO
1
110
2026-03-11 JAWS-UG 茨城 #12 改めてALBを便利に使う
masasuzu
2
400
品質を経営にどう語るか #jassttokyo / Communicating the Strategic Value of Quality to Executive Leadership
kyonmm
PRO
2
520
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
sms_tech
3
900
猫でもわかるKiro CLI(AI 駆動開発への道編)
kentapapa
0
260
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
flatt_security
0
1.8k
Featured
See All Featured
A designer walks into a library…
pauljervisheath
210
24k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
180
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
260
Bash Introduction
62gerente
615
210k
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
300
30 Presentation Tips
portentint
PRO
1
250
Building an army of robots
kneath
306
46k
Producing Creativity
orderedlist
PRO
348
40k
Paper Plane (Part 1)
katiecoart
PRO
0
5.7k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
karad
matsuba
smt7174
katayan
error96num
sbtechnight
oracle4engineer
masasuzu
kyonmm
sms_tech
kentapapa
flatt_security
pauljervisheath
ivargrimstad
dugsong
baasie
62gerente
lynnandtonic
keithpitt
katarinadahlin
portentint
kneath
orderedlist
katiecoart
