Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
540
0
Share
Application Intrusion Detection
Kim Carter
July 03, 2021
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
580
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
830
OWASP NZ Day 2016
binarymist
0
210
Infectious Media with Rubber Ducky
binarymist
1
620
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
ふりかえりがなかった職能横断チームにふりかえりを導入してみて学んだこと 〜チームのふりかえりを「みんなで未来を考える場」にするプロローグ設計〜
masahiro1214shimokawa
0
410
会社紹介資料 / Sansan Company Profile
sansan33
PRO
17
410k
AWS認定資格は本当に意味があるのか?
nrinetcom
PRO
1
220
Digitization部 紹介資料
sansan33
PRO
1
7.3k
AWS DevOps Agentはチームメイトになれるのか?/ Can AWS DevOps Agent become a teammate
kinunori
1
160
3つのボトルネックを解消し、リリースエンジニアリングを再定義した話
nealle
0
460
え!?初参加で 300冊以上 も頒布!? これは大成功!そのはずなのに わいの財布は 赤字 の件
hellohazime
0
140
DevOpsDays2026 Tokyo Cross-border practices to connect "safety" and "DX" in healthcare
hokkai7go
0
150
JOAI2026講評会資料(近藤佐介)
element138
1
120
明日からドヤれる!超マニアックなAWSセキュリティTips10連発 / 10 Ultra-Niche AWS Security Tips
yuj1osm
0
460
Master Dataグループ紹介資料
sansan33
PRO
1
4.6k
生成AI時代のエンジニア育成 変わる時代と変わらないコト
starfish719
0
4.9k
Featured
See All Featured
Navigating Team Friction
lara
192
16k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
240
The browser strikes back
jonoalderson
0
940
The World Runs on Bad Software
bkeepers
PRO
72
12k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
54k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
520
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
250
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
98
Building AI with AI
inesmontani
PRO
1
880
Documentation Writing (for coders)
carmenintech
77
5.3k
Designing for humans not robots
tammielis
254
26k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
masahiro1214shimokawa
sansan33
nrinetcom
kinunori
nealle
hellohazime
hokkai7go
element138
yuj1osm
starfish719
lara
davetheseo
jonoalderson
bkeepers
nwiizo
tammyeverts
uxyall
stuffmc
inesmontani
carmenintech
tammielis
sugarenia
