Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
500
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
540
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
790
OWASP NZ Day 2016
binarymist
0
190
Infectious Media with Rubber Ducky
binarymist
1
580
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
M5製品で作るポン置きセルラー対応カメラ
sayacom
0
140
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
190
「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ:検査・適応で未来を開発 / AI-driven product owner. scrummat2025
yosuke_nagai
4
580
[2025-09-30] Databricks Genie を利用した分析基盤とデータモデリングの IVRy の現在地
wxyzzz
0
470
データエンジニアがこの先生きのこるには...?
10xinc
0
440
職種別ミートアップで社内から盛り上げる アウトプット文化の醸成と関係強化/ #DevRelKaigi
nishiuma
2
130
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
E2Eテスト設計_自動化のリアル___Playwrightでの実践とMCPの試み__AIによるテスト観点作成_.pdf
findy_eventslides
0
110
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
9k
VCC 2025 Write-up
bata_24
0
180
社内お問い合わせBotの仕組みと学び
nish01
0
180
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
71
11k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
32
2.2k
Context Engineering - Making Every Token Count
addyosmani
5
180
Building Applications with DynamoDB
mza
96
6.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
237
140k
A better future with KSS
kneath
239
17k
The Cult of Friendly URLs
andyhume
79
6.6k
Facilitating Awesome Meetings
lara
56
6.6k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Speed Design
sergeychernyshev
32
1.1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
sayacom
maroon1st
yosuke_nagai
wxyzzz
10xinc
nishiuma
sansan33
myso
findy_eventslides
fullkaiten
bata_24
nish01
bkeepers
rocio
marcduiker
addyosmani
mza
denniskardys
kneath
andyhume
lara
lemiorhan
sergeychernyshev
morganepeng
