Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
440
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
480
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.6k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.2k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
750
OWASP NZ Day 2016
binarymist
0
160
Infectious Media with Rubber Ducky
binarymist
1
530
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.7k
Other Decks in Technology
See All in Technology
embedパッケージを深掘りする / Deep Dive into embed Package in Go
task4233
1
220
Oracle Base Database Service:サービス概要のご紹介
oracle4engineer
PRO
1
16k
PaaSの歴史と、 アプリケーションプラットフォームのこれから
jacopen
7
1.5k
comilioとCloudflare、そして未来へと向けて
oliver_diary
6
450
[IBM TechXchange Dojo]Watson Discoveryとwatsonx.aiでRAGを実現!事例のご紹介+座学②
siyuanzh09
0
110
20250116_JAWS_Osaka
takuyay0ne
2
200
2024AWSで個人的にアツかったアップデート
nagisa53
1
110
EMConf JP の楽しみ方 / How to enjoy EMConf JP
pauli
2
150
Reactフレームワークプロダクトを モバイルアプリにして、もっと便利に。 ユーザに価値を届けよう。/React Framework with Capacitor
rdlabo
0
130
技術に触れたり、顔を出そう
maruto
1
160
ABWGのRe:Cap!
hm5ug
1
120
今から、 今だからこそ始める Terraform で Azure 管理 / Managing Azure with Terraform: The Perfect Time to Start
nnstt1
0
240
Featured
See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Statistics for Hackers
jakevdp
797
220k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
3
240
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.4k
Fireside Chat
paigeccino
34
3.1k
Raft: Consensus for Rubyists
vanstee
137
6.7k
What's in a price? How to price your products and services
michaelherold
244
12k
Adopting Sorbet at Scale
ufuk
74
9.2k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Making the Leap to Tech Lead
cromwellryan
133
9k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
task4233
oracle4engineer
jacopen
oliver_diary
siyuanzh09
takuyay0ne
nagisa53
pauli
rdlabo
maruto
hm5ug
nnstt1
jacobian
jakevdp
bcantrill
garrettdimon
addyosmani
zakiyama
paigeccino
vanstee
michaelherold
ufuk
scottboms
cromwellryan
