Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FindyにおけるTakumi活用と脆弱性管理のこれから

Avatar for adachi.ryo adachi.ryo
September 02, 2025
Programming
0
1.6k

 FindyにおけるTakumi活用と脆弱性管理のこれから

https://flatt.connpass.com/event/365208/

Product Security Square #1 | GMO Flatt Securityのスライドです

Avatar for adachi.ryo

adachi.ryo

September 02, 2025
Tweet

More Decks by adachi.ryo

See All by adachi.ryo
Findy Team+のSOC2取得までの道のり
Avatar for adachi.ryo rvirus0817
0
1k
技術的負債で信頼性が限界だったWordPress運用をShifterで完全復活させた話
Avatar for adachi.ryo rvirus0817
1
3.9k
Amazon Security Lakeを活用したセキュリティログの集約とAIによる可視化の最前線
Avatar for adachi.ryo rvirus0817
0
170
TechBull Membersの開発進捗どうですか!?
Avatar for adachi.ryo rvirus0817
0
1.6k
クラウド脆弱性の傾向とShisho Cloudの活用
Avatar for adachi.ryo rvirus0817
0
230
TechBullエンジニアコミュニティの取り組みについて
Avatar for adachi.ryo rvirus0817
0
1.1k
横断SREの立ち上げと、AWSセキュリティへの取り組みの軌跡
Avatar for adachi.ryo rvirus0817
3
13k
ゼロから創る横断SREチーム ~挑戦と進化~
Avatar for adachi.ryo rvirus0817
3
6.3k
入社1ヶ月でここまでやった!Findy Toolsインフラ支援の最適化
Avatar for adachi.ryo rvirus0817
11
14k

Other Decks in Programming

See All in Programming
Atomics APIを知る / Understanding Atomics API
Avatar for TOMIKAWA Sotaro ssssota
1
140
JJUG CCC 2025 Fall: Virtual Thread Deep Dive
Avatar for ternbusty ternbusty
3
350
Feature Flags Suck! - KubeCon Atlanta 2025
Avatar for Pete Hodgson phodgson
0
110
高単価案件で働くための心構え
Avatar for Katsuma Narisawa nullnull
0
130
Honoを技術選定したAI要件定義プラットフォームAcsimでの意思決定
Avatar for Tadashi Shigeoka codenote
0
160
しっかり学ぶ java.lang.*
Avatar for nagise nagise
1
350
複数チーム並行開発下でのコード移行アプローチ ~手動 Codemod から「生成AI 活用」への進化
Avatar for ANDPAD inc andpad
0
160
flutter_kaigi_2025.pdf
Avatar for Kyohei Ito kyoheig3
1
300
「正規表現をつくる」をつくる / make "make regex"
Avatar for TSUYUSATO Kitsune makenowjust
1
400
FlutterKaigi 2025 システム裏側
Avatar for Ryotaro Onoue yumnumm
0
1k
GraalVM Native Image トラブルシューティング機能の最新状況(2025年版)
Avatar for NTTドコモソリューションズ Java担当 ntt_dsol_java
0
130
乱雑なコードの整理から学ぶ設計の初歩
Avatar for 増田 亨 masuda220
PRO
31
12k

Featured

See All Featured
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
60
9.6k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
750
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.2k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.2k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
7k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.5k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
355
21k

Transcript

  1. 'JOEZʹ͓͚Δ5BLVNJ׆༻ͱ ੬ऑੑ؅ཧͷ͜Ε͔Β 1SPEVDU4FDVSJUZ4RVBSFc(.0'MBUU4FDVSJUZ ҆ୡྋ !BEBDIJO

  2. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  3. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  4. 4 ࣗݾ঺հ ҆ୡྋ !BEBDIJO  ܳྺ೥໨  ɾϑΝΠϯσΟ ג $50ࣨϓϥοτϑΥʔϜ։ൃνʔϜ4FOJPS43&

    ɾ1PSUGPMJPBEBDIJONF#MPHCMPHBEBDIJONFXJLJBEBDIJONF  ɾ5FDI#VMM δϡχΞΤϯδχΞίϛϡχςΟ 'PVOEFS प೥🎉  ɹɾ43&ΤϯδχΞͷϝϯλϦϯάྦྷܭ໊ˢ ɹɾ4MBDLࢀՃऀ਺͸໊Ҏ্ˢ ɹɾίϛϡχςΟϚωʔδϟʔ-5ΠϕϯτӡӦ.FNCFST։ൃ ɾ5&$)803-%Ͱ43&ؔ࿈ͷಈըΛൃ৴த

  5. 5

  6. (.0'MBUU4FDVSJUZ͞Μʂ͍ͭ΋ײँʂ 6

  7. "844VNNJU+BQBOͰ΋ηΩϡϦςΟϩάʹ͍ͭͯొஃ 7

  8. 'JOEZ5FBN 40$5ZQFΛࠓ೥ͷ݄ʹऔಘ 8

  9. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  10. 'JOEZ1MBUGPSN43&5FBNͷ໾ׂ 10 • 1MBUGPSN43&νʔϜ • ೥ൃ଍͠ɺνʔϜ͸໊ • શαʔϏεͷԣஅ • ೥ʹϏδϣϯΛ࠶ఆٛ

    • ͭΛఆٛ • ϚΠϯυηοτ • ࢪࡦ • αϙʔτ • αʔϏε͝ͱʹ୲౰ϝϯόʔ͕ࢧԉ • ϛογϣϯ΋ࠓظ൒ظ͝ͱʹݴޠԽ • λεΫϚωδϝϯτ΋ࣗΒ؅ཧ͢ΔΑ͏ʹ

  11. 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ 11 • ݸਓ৘ใͷอޢ • εΩϧɾ৬ྺɾࢤ޲ੑ • બߟεςʔλε • ԠืཤྺͳͲͷ΍ΓͱΓ

    • اۀσʔλͷػີੑ • ٻਓ৘ใɺٻ৬ऀɺاۀ৘ใ • αʔϏεͷܧଓੑ • ߈ܸ΍ো֐ʹڧ͍ج൫ͱՄࢹԽ • ࣾձత੹೚ • ϢʔβʔମݧΛࢧ͑Δ͚ͩͰͳ͘ ۀքશମͷ҆৺ײʹ΋ܨ͕Δ

  12. 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ 12 • "84 • $41. • 4IJTIP$MPVE  

    • 4FDVSJUZ-PH • ηΩϡϦςΟϩάج൫ • "NB[PO4FDVSJUZ-BLF   • 8"'ɺ$MPVE5SBJMɺFUD • ΞϓϦέʔγϣϯϑϩϯτΤϯυ੬ऑੑ • όʔδϣϯΞοϓ • ఆظతʹखಈ੬ऑੑґཔ

  13. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  14. 5BLVNJͷಋೖޮՌ • 'JOEZ • 'JOEZ5FBN ɺ'JOEZ5PPMTɺ'JOEZ*%ʹಋೖ • ։ൃεϐʔυ͕ඇৗʹૣ͍ • ৽αʔϏε͕૿͑Δεϐʔυʹൺ΂ͯɺ

    ηΩϡϦςΟ਍அͷΩϟύγςΟ͕՝୊ • 5BLVNJ • ఆظࣗಈ਍அ • εϐʔυରԠ • ܧଓੑͱൈ͚࿙Ε๷ࢭ • ඪ४Խ͞ΕͨϨϙʔτ • ·ΔͰηΩϡϦςΟΤϯδχΞ͔ͷΑ͏ • 43&΋ରԠՄೳʹ • ਓґଘͷεϙοτ࡞ۀ͔Β"*Ͱܧଓతͳ࢓૊Έ΁ 14

  15. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  16. 5BLVNJͰؾʹͳͬͨ͜ͱ • Ϩϙʔτͷ׆༻ੑ • ग़ྗ݁Ռ͕8FCʹ࿈ಈ͓ͯ͠Βͣɺ։ൃऀ͕೔ৗతʹࢀরͮ͠Β͍ • ϥΠϒϥϦ੬ऑੑͷΧόʔෆ଍ • ࢖༻தͷ044ϥΠϒϥϦ΍ґଘؔ܎ͷ੬ऑੑݕ஌͕े෼Ͱ͸ͳ͘ɺผ్֬ೝ͕ඞཁ •

    ϫʔΫϑϩʔ΁ͷ౷߹ෆ଍ • (JU)VC*TTVF΍1VMM3FRVFTU΁ͷࣗಈىථ͕ͳ͘ɺλεΫԽ͕खؒʹͳΔ • ৘ใཻ౓ͷෆ଍ • ੬ऑੑՕॴ͕ϑΝΠϧύε୯ҐͰग़ྗ͞Εͳ͍ ϓϩϯϓτ࣍ୈ  • ίʔυཧղͷෛ୲ • ϓϩδΣΫτͷίʔυϕʔεΛ೺Ѳ͢Δ·Ͱʹ͕͔͔࣌ؒΓɺॳಈ͕஗ΕΔ • $MBVEFNE͕ར༻Ͱ͖Ε͹εϐʔυग़ͤͦ͏ 16

  17. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  18. 5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ 18 • ηΩϡϦςΟΛ࢓૊Έͱͯ͠ճ͢ • 5BLVNJʹΑΔఆظࣗಈ਍அͰɺ੬ऑੑ؅ཧΛܧଓతͳӡ༻ϓϩηε΁ਐԽ • εϐʔυͱ҆৺ͷཱ྆ • ։ൃεϐʔυʹ௥ैͭͭ͠ɺϦεΫΛૣظʹݕ஌ɾରԠ͢Δ͜ͱͰʮ଎͞ʯͱʮ҆શੑʯΛཱ྆

    • ਓͱࣗಈԽͷอ؅ؔ܎ • 5BLVNJ͕ఆظతʹݕ஌Λߦ͏͜ͱͰࣄલʹରԠ͠ɺखಈ਍அͰ࣮֬ʹΧόʔɻ෯޿͍੬ऑੑʹ ରԠ • ଐਓԽ͔Βඪ४Խ΁ • ϨϙʔτܗࣜΛ౷Ұ͠ɺಉ͡඼࣭ͷ਍அ݁ՌΛಘΒΕΔ࢓૊ΈΛཱ֬ • ܧଓతվળͷج൫ • ܏޲෼ੳ΍վળαΠΫϧΛճ͢͜ͱͰʮηΩϡϦςΟΛޙ௥͍ʯ͔ΒʮηΩϡϦςΟͰઌճΓʯ΁

  19. ͋͐͡Μͩ • ࣗݾ঺հ • 'JOEZʹ͓͚ΔηΩϡϦςΟͷ৴པੑͱ໾ׂ • 5BLVNJͷಋೖޮՌ • 5BLVNJͰؾʹͳͬͨ͜ͱ •

    5BLVNJΛ࣠ʹͨ͠ηΩϡϦςΟӡ༻ͷະདྷ૾ • ·ͱΊ

  20. ·ͱΊ 20 ʮ5BLVNJΛ׆༻ͯ͠ਓґଘͷ਍அΛ"*Ͱ࢓૊Έͱͯ͠ճ͢ ηΩϡϦςΟʹਐԽͤ͞ɺ։ൃεϐʔυͱ৴པੑΛཱ͍྆ͯ͘͠ʯ ࠓظதʹશαʔϏεಋೖ͠ɺจԽৢ੒Λ໨ඪʹʂ

  21. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ