Chapter 1: Executive summary

Persona: CISO / All Leaders

Time to read: 2 minutes

What is ADR?

Application Detection and Response (ADR) instruments running applications to detect and respond to threats from within the application itself. Unlike perimeter tools (WAF, EDR, NDR) that observe traffic or endpoints, ADR has code-level visibility into:

  • What function is executing and with what input

  • Whether a vulnerability is actually being exploited (not just theoretically exploitable) — a verified exploit, not a pattern match

  • The full data flow from request → vulnerability → data access → response

  • Outcome Verification: Did the attack succeed or fail? This lets the SOC skip the “is this real?” triage step entirely.

What this handbook gives you

Deliverable | Where
Visual model of where ADR fits in your vulnerability + incident lifecycles | Chapter 2
Copy-paste checklists to launch ADR integration between AppSec and SOC | Chapter 3
Practical maturity model with verifiable criteria | Chapter 4
ADR use cases with detection logic, example alerts, and response playbooks | Chapter 5

ADR in one sentence

ADR closes the gap between "we know about this vulnerability" (AppSec) and "we detected an attack" (SOC) by providing verified runtime visibility, real-time blocking, and actionable context that neither team gets from their other tools alone.