$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
520
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
560
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
810
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
600
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.9k
Other Decks in Technology
See All in Technology
Edge AI Performance on Zephyr Pico vs. Pico 2
iotengineer22
0
150
regrowth_tokyo_2025_securityagent
hiashisan
0
230
今年のデータ・ML系アップデートと気になるアプデのご紹介
nayuts
1
330
20251209_WAKECareer_生成AIを活用した設計・開発プロセス
syobochim
7
1.5k
MLflowダイエット大作戦
lycorptech_jp
PRO
1
110
プロンプトやエージェントを自動的に作る方法
shibuiwilliam
4
3.3k
LLM-Readyなデータ基盤を高速に構築するためのアジャイルデータモデリングの実例
kashira
0
240
評価駆動開発で不確実性を制御する - MLflow 3が支えるエージェント開発
databricksjapan
1
170
AI駆動開発における設計思想 認知負荷を下げるフロントエンドアーキテクチャ/ 20251211 Teppei Hanai
shift_evolve
PRO
2
380
GitHub Copilotを使いこなす 実例に学ぶAIコーディング活用術
74th
3
3k
RAG/Agent開発のアップデートまとめ
taka0709
0
170
エンジニアリングをやめたくないので問い続ける
estie
2
1.2k
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.8k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Building Flexible Design Systems
yeseniaperezcruz
330
39k
Typedesign – Prime Four
hannesfritz
42
2.9k
Context Engineering - Making Every Token Count
addyosmani
9
510
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
390
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.6k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
iotengineer22
hiashisan
nayuts
syobochim
lycorptech_jp
shibuiwilliam
kashira
databricksjapan
shift_evolve
74th
taka0709
estie
cassininazir
garrettdimon
denniskardys
yeseniaperezcruz
hannesfritz
addyosmani
reverentgeek
maggiecrowley
chrisshort
tammyeverts
marktimemedia
