Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Application Intrusion Detection
Search
Kim Carter
July 03, 2021
Technology
0
490
Application Intrusion Detection
Kim Carter
July 03, 2021
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
540
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
790
OWASP NZ Day 2016
binarymist
0
190
Infectious Media with Rubber Ducky
binarymist
1
580
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.8k
Other Decks in Technology
See All in Technology
機械学習を扱うプラットフォーム開発と運用事例
lycorptech_jp
PRO
0
200
dbt開発 with Claude Codeのためのガードレール設計
10xinc
1
750
AI エージェントとはそもそも何か? - 技術背景から Amazon Bedrock AgentCore での実装まで- / AI Agent Unicorn Day 2025
hariby
4
1.3k
データアナリストからアナリティクスエンジニアになった話
hiyokko_data
2
430
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
340
生成AI時代のデータ基盤
shibuiwilliam
6
3.8k
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
1
180
La gouvernance territoriale des données grâce à la plateforme Terreze
bluehats
0
130
Kubernetes における cgroup v2 でのOut-Of-Memory 問題の解決
pfn
PRO
0
470
おやつは300円まで!の最適化を模索してみた
techtekt
PRO
0
290
react-callを使ってダイヤログをいろんなとこで再利用しよう!
shinaps
1
200
AI駆動開発に向けた新しいエンジニアマインドセット
kazue
0
290
Featured
See All Featured
Producing Creativity
orderedlist
PRO
347
40k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Practical Orchestrator
shlominoach
190
11k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
Documentation Writing (for coders)
carmenintech
74
5k
What's in a price? How to price your products and services
michaelherold
246
12k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
187
54k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
4 Signs Your Business is Dying
shpigford
184
22k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Transcript
COMMUNITY TOPICS Welcome InfoSecNZ Slack, OWASP Slack Anything else people
want to mention? Tonights talk (Chris - Incident Response), (Me - Application Intrusion Detection)
APPLICATION INTRUSION DETECTION
HIDS, NIDS, AIDS?
1. Asset Identification 2. Identify Risks 3. Countermeasures 4. Risks
that Solution Causes 5. Costs and Trade-offs
1. SSM Asset Identification
2. SSM Identify Risks
Lack of Visibility Insufficient Logging (->) & Monitoring (<-) Covered
in for OWASP Top 10 Insufficient Attack Protection Book -> Holistic Info-Sec for Web Developers No. 10 Lack of Active Automated Prevention
3. SSM Countermeasures
Lack of Visibility ... Detection works where prevention fails and
detection is of no use without response Bruce Schneier
Lack of Visibility OWASP Top 10 - Insufficient Logging Insufficient
Monitoring A10 Kim's book
WAF App Intrusion Detection & Response Active Automated Prevention Insufficient
Attack Protection
App Intrusion Detection->Prevention is reactive
By being proactive -> SAST, DAST
It's been 8 years now in alpha and releases being
published regularly purpleteam It's time to let someone else take over Pete Nicholls is taking over from me Next Meetup Last Wed of Sep - Pete & Toni - Ask anything panel
binarymist
lycorptech_jp
10xinc
hariby
hiyokko_data
_kensh
shibuiwilliam
error96num
bluehats
pfn
techtekt
shinaps
kazue
orderedlist
pedronauck
shlominoach
palkan
honnibal
carmenintech
michaelherold
soudai
destraynor
shpigford
chrisshort
keavy
