Application Intrusion Detection
Kim Carter
July 03, 2021
Transcript
COMMUNITY TOPICS: Welcome. InfoSecNZ Slack, OWASP Slack. Anything else people want to mention? Tonight's talk: (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... "Detection works where prevention fails and detection is of no use without response" - Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being published regularly purpleteam It's time to let someone else take over. Pete Nicholls is taking over from me. Next Meetup: Last Wed of Sep - Pete & Toni - Ask anything panel