Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
560
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Application Intrusion Detection
Kim Carter
July 03, 2021
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
590
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
860
OWASP NZ Day 2016
binarymist
0
210
Infectious Media with Rubber Ducky
binarymist
1
640
0wn1ng The Web at www.wdcnz.com
binarymist
2
2k
Other Decks in Technology
See All in Technology
SIer20年! 培ったスキルがスタートアップで輝く時
shucho0103
0
850
2026.06.13_AI時代に事業会社が「SIer出身エンジニア」を求める理由 / Why Businesses Seek Engineers with a System Integrator Background in the AI Era
jumtech
0
1.1k
連合学習と機密コンピューティング
lycorptech_jp
PRO
0
110
RSA暗号を手計算したくなること、ありますよね?? (20260615_orestudy6_rsa)
thousanda
0
310
失敗を資産に変えるClaude Code
shinyasaita
0
600
作って終わりにしない タイミーのセマンティックレイヤー育成の現在地
chanyou0311
4
2.3k
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
edeandrea
PRO
1
150
社内 AI エージェント Synapse と セマンティックレイヤーの育て方
hiroakis
2
1.8k
MCP Appsを作ってみよう
iwamot
PRO
4
570
AGENTS.mdとSkillsで始めるAIエージェント活用
sonoda_mj
3
200
Djangoユーザが知っ得なPostgreSQL機能 - 設計の選択肢を増やす / Djang-use-PostgreSQL
soudai
PRO
1
230
Android の公式 Skill / Android skills
yanzm
0
140
Featured
See All Featured
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.5k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
Prompt Engineering for Job Search
mfonobong
0
340
エンジニアに許された特別な時間の終わり
watany
107
250k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
1
1.7k
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
840
RailsConf 2023
tenderlove
30
1.5k
Accessibility Awareness
sabderemane
1
140
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Site-Speed That Sticks
csswizardry
13
1.2k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
610
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
170
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
shucho0103
jumtech
lycorptech_jp
thousanda
shinyasaita
chanyou0311
edeandrea
hiroakis
iwamot
sonoda_mj
soudai
yanzm
inesmontani
geoffreycrofte
mfonobong
watany
uxyall
baasie
tenderlove
sabderemane
sstephenson
csswizardry
techseoconnect
