COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection) 

APPLICATION INTRUSION DETECTION 

HIDS, NIDS, AIDS? 

1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks that Solution Causes 5. Costs and Trade-offs 

1. SSM Asset Identification 

2. SSM Identify Risks 

Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention 

3. SSM Countermeasures 

Lack of Visibility ... Detection works where prevention fails and detection is of no use without response Bruce Schneier 

Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient Monitoring A10 Kim's book 

WAF App Intrusion Detection & Response Active Automated Prevention Insufficient Attack Protection 

App Intrusion Detection->Prevention is reactive 

By being proactive -> SAST, DAST 

It's been 8 years now in alpha and releases being published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel 