Application Intrusion Detection
Kim Carter
July 03, 2021
Transcript
COMMUNITY TOPICS
Welcome
InfoSecNZ Slack, OWASP Slack
Anything else people want to mention?
Tonight's talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification
2. Identify Risks
3. Countermeasures
4. Risks that Solution Causes
5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility
Insufficient Logging (->) & Monitoring (<-)
Covered in for OWASP Top 10
Insufficient Attack Protection
Book -> Holistic Info-Sec for Web Developers
No. 10
Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ...
"Detection works where prevention fails and detection is of no use without response"
Bruce Schneier
Lack of Visibility
OWASP Top 10 - Insufficient Logging
Insufficient Monitoring
A10
Kim's book
WAF
App Intrusion Detection & Response
Active Automated Prevention
Insufficient Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being published regularly
purpleteam
It's time to let someone else take over
Pete Nicholls is taking over from me
Next Meetup
Last Wed of Sep - Pete & Toni - Ask anything panel