Application Intrusion Detection
Kim Carter
July 03, 2021
Transcript
COMMUNITY TOPICS: Welcome. InfoSecNZ Slack, OWASP Slack. Anything else people want to mention? Tonight's talk: (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification
2. Identify Risks
3. Countermeasures
4. Risks that Solution Causes
5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... "Detection works where prevention fails and detection is of no use without response" - Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being published regularly purpleteam. It's time to let someone else take over. Pete Nicholls is taking over from me. Next Meetup: Last Wed of Sep - Pete & Toni - Ask anything panel