Upgrade to Pro — share decks privately, control downloads, hide ads and more …

カンムにおけるプロダクトセキュリティのこれまでとこれから

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Moto Ishizawa Moto Ishizawa
September 30, 2022
Technology
1
3k

 カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa

Moto Ishizawa

September 30, 2022
Tweet

More Decks by Moto Ishizawa

See All by Moto Ishizawa
LLM エージェントを使った実験
Avatar for Moto Ishizawa summerwind
0
1.3k
Sharing test cases of internet protocols with Go and OCI Artifacts
Avatar for Moto Ishizawa summerwind
0
1.2k
Using Thanos as a long-term storage for your Prometheus metrics
Avatar for Moto Ishizawa summerwind
1
13k
Using Kubernetes as a datastore for SPIRE
Avatar for Moto Ishizawa summerwind
1
1.2k
Whitebox Controller
Avatar for Moto Ishizawa summerwind
5
1.8k
Managing Kubernetes manifests with Spruce
Avatar for Moto Ishizawa summerwind
2
4.5k
Understanding HTTP/2 prioritization
Avatar for Moto Ishizawa summerwind
16
6.4k
HTTP/2 Deep Dive: Priority & Server Push
Avatar for Moto Ishizawa summerwind
17
3.6k
HTTP/2 Server Push Considered Harmful
Avatar for Moto Ishizawa summerwind
1
2.2k

Other Decks in Technology

See All in Technology
Claude Cowork Plugins を読む - Skills駆動型業務エージェント設計の実像と構造
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
0
190
全自動で回せ!Claude Codeマーケットプレイス運用術
Avatar for ugo yukyu30
3
140
LINE Messengerの次世代ストレージ選定
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
250
Devinを導入したら予想外の人たちに好評だった
Avatar for Takafumi Omuro tomuro
0
460
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3k
AI Coding Agentの地殻変動 ~ ai-coding.info の定点観測 ~
Avatar for kotauchisunsun kotauchisunsun
1
490
Claude Codeと駆け抜ける 情報収集と実践録
Avatar for sontixyou sontixyou
2
1.2k
Lookerの最新バージョンv26.2がやばい話
Avatar for Yuta Ozaki waiwai2111
1
140
Serverless Agent Architecture on Azure / serverless-agent-on-azure
Avatar for miyake miyake
1
110
AI が Approve する開発フロー / How AI Reviewers Accelerate Our Development
Avatar for Hiroka Zaitsu zaimy
1
230
Vertex AI Agent Engine で学ぶ「記憶」の設計
Avatar for t-kikuchi tkikuchi
0
110
20260222ねこIoTLT ねこIoTLTをふりかえる
Avatar for フクイ poropinai1966
0
300

Featured

See All Featured
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.1k
Leo the Paperboy
Avatar for Maya Tellez mayatellez
4
1.5k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
It's Worth the Effort
Avatar for 3n 3n
188
29k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
Avatar for Ines Montani inesmontani
PRO
3
2.1k
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
470
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
How to make the Groovebox
Avatar for あそなす asonas
2
2k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
220
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
120k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.7k

Transcript

  1. ΧϯϜʹ͓͚Δ ϓϩμΫτηΩϡϦςΟͷ ͜Ε·Ͱͱ͜Ε͔Β -BZFS9ͱ,BONV'JO5FDIελʔτΞοϓηΩϡϦςΟࣄ৘ 

  2. Moto Ishizawa Software Engineer, Kanmu, Inc.

  3. None

  4. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  5. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  6. ౰ॳͷঢ়گ • ϓϩμΫτ͸ʮόϯυϧΧʔυʯͷΈ • ܾࡁͷ࢓૊ΈΛఏڙ͍ͯ͠ΔͨΊɺηΩϡϦςΟ͸࠷΋ॏཁͳཁૉ • όοΫΤϯυΤϯδχΞ͸ CTO ΛؚΊͯ4ਓ •

    ϓϩμΫτηΩϡϦςΟͷྖҬ͸ओʹ CTO ͕୲౰ • ࠷ॳͷΠϯϑϥઐ೚ΤϯδχΞͱͯ͠ೖࣾ • AWS Կ΋Θ͔ΒΜϚϯ

  7. ͻͱ·ͣͷઓུ • ϓϩμΫτ։ൃʹࢀՃͯ͠γεςϜͷมߋϑϩʔΛ೺Ѳ͢Δ • AWS ͳͲͷΫϥ΢υαʔϏεͷ؅ཧऀݖݶΛ΋Β͍ར༻ঢ়گΛ೺Ѳ͢Δ • ։ൃ΍ӡ༻ʹؔΘΔ֤छαʔϏεͷݖݶ؅ཧͷঢ়گΛ೺Ѳ͢Δ • ηΩϡϦςΟ໘Ͱͷ੍໿Λ೺Ѳ͢Δ

  8. ݟ͖͑ͯͨ՝୊΍ϦεΫ • ຀Վతͳ AWS ͷ؅ཧ • ͍͋·͍ͳݖݶ؅ཧ΍มߋ؅ཧͷϓϩηε • ։ൃ࣌ظʹΑΓҟͳΔγεςϜߏ੒ •

    PCI DSS ʹΑΔ੍໿ͱଐਓతͳͦͷӡ༻ • Կ͔ى͖ͯ΋ؾ෇͚ͳ͍ɾௐࠪͰ͖ͳ͍ྖҬ͕͋Δ • ͳͲͳͲ…

  9. 1$*%44ͱ͸ • Payment Card Industry (PCI) ͱ͍͏ΫϨδοτΧʔυͷۀքஂମ͕ࡦఆͯ͠ ͍Δ Data Security

    Standard (DSS) ͱ͍͏ඪ४ͷ͜ͱ • Χʔυ৘ใΛద੾ʹ؅ཧ͢ΔͨΊͷηΩϡϦςΟج४͕ఆٛ͞Ε͍ͯΔ • ΧϯϜ͸ΫϨδοτΧʔυΛൃߦ͢Δཱ৔ͱͯ͠४ڌ͕ٻΊΒΕ͍ͯΔ • υΩϡϝϯτ͸ެࣜαΠτ͔Β୭Ͱ΋μ΢ϯϩʔυͰ͖Δ • https://www.pcisecuritystandards.org/document_library/

  10. վળํ਑ʮϕʔεϥΠϯΛ੔͑Δʯ • ઃఆͷ౷Ұ΍ΨόφϯεͷڧԽ • ϚωʔδυαʔϏεΛ׆༻ͨ͠γεςϜߏ੒ͷ੔ཧ • Կ͔͕ى͖ͯ΋ͦΕʹؾ͖ͮɺௐࠪͰ͖ΔΑ͏ʹ͢Δ (؂ࠪੑͷ޲্) • ࠷খݖݶͷݪଇʹै͏

    • CTO ʹλεΫ͕ूத͢Δঢ়ଶ͔Βͷ୤٫ • ։ൃऀͷମݧ΋Ұॹʹվળ͢Δ

  11. "84ͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • AWS Organization ͱ AWS SSO (AWS

    IAM Identity Center) ͷಋೖ • CloudTrail ͱ AWS Con fi g ͷ༗ޮԽͱϩάઐ༻ΞΧ΢ϯτͰͷҰݩ؅ཧ • GuardDuty ͱ Security Hub ͷಋೖ • վળޮՌ • ਺ଟ͘ଘࡏ͍ͯͨ͠ IAM User Λ׬શʹഇࢭ • SSO ʹΑΓෳ਺ͷ AWS ΞΧ΢ϯτ΁ͷϩάΠϯ͕༰қʹ • Կ͔ҟৗ͕͋ͬͯ΋ͦΕʹؾ͍ͮͯௐ͕ࠪͰ͖Δঢ়ଶʹ

  12. (JU)VCͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • ݖݶͷ୨Է͠ͱ Team ΍ Permission ͷ੔උ •

    CODEOWNERS ΍ Branch Protection ͷઃఆ • ࣗಈΞαΠϯ΍ Slack ௨஌ͷ༗ޮԽ • վળޮՌ • ѱҙͷ͋Δมߋ΍վ͟ΜΛ࠷௿ݶ๷ࢭ • มߋݖݶΛ࣋ͭਓͷ໌֬Խ • Slack Ͱ౎౓΍ΓͱΓ͍ͯͨ͠ϨϏϡʔґཔͷࣗಈԽ

  13. γεςϜߏ੒ͷվળྫ • ϚωʔδυαʔϏε΁ͷஔ͖׵͑΍ΞΫηε੍ޚͷݟ௚͠Λ࣮ࢪ • Session Manager Λಋೖ͠ɺ2िؒʹ1ճ͙Β͍յΕΔ LDAP Λൃഁղମ •

    Cloud One Λಋೖ͠ɺಠࣗӡ༻͍ͯͨ͠ OSSEC Λൃഁղମ • վળޮՌ • ӡ༻ෛՙͷܰݮ • ϞχλϦϯά͓Αͼ؂ࠪੑͷ޲্ • SSO ʹΑΓ EC2 Πϯελϯε΁ͷΞΫηε͕༰қʹ

  14. 1$*%44ؔ࿈ͷվળྫ • ཁ݅ͷཧղͱӡ༻໘ͷ੔උ • ؂ࠪʹରԠ͢ΔϝϯόʔͰશ12ཁ݅ͷಡΈ߹ΘͤձΛ࣮ࢪ • ఆظతʹඞཁͳӡ༻λεΫΛચ͍ग़͠ͱͦͷλεΫͷ࣮ࢪ • ཁ݅ͱ࣮ࡍͷγεςϜʹ͋Θͤͨࣾ಺ϙϦγʔͷݟ௚͠ •

    վળޮՌ • CTO ͕ରԠ͍ͯͨ͠ӡ༻ΛνʔϜͰͰ͖ΔΑ͏ʹͳͬͨ • 3.5ਓఔ౓Ͱ2ͭͷϓϩμΫτͷ PCI DSS ४ڌΛୡ੒

  15. ৽ϓϩμΫτ1PPMͷϦϦʔε • ϦϦʔεલʹϕʔεϥΠϯ͸੔͓͖͍͑ͯͨ • AWS ΍γεςϜશମͷઃఆͷϨϏϡʔ • PCI DSS ཁ݅ͷ४ڌʹؔΘΔઃఆͳͲͷϨϏϡʔ

    • όϯυϧΧʔυͰݟ͔ͭͬͨط஌ͷ੬ऑੑ౳ͷରԠ • վળޮՌ • ط஌ͷ੬ऑੑʹ͍ͭͯϦϦʔεલʹରࡦͰ͖ͨ • ϦϦʔε࣌ͷߏ੒Ͱ PCI DSS ͷ४ڌΛୡ੒

  16. ͜͜·Ͱͷঢ়گ • ϓϩμΫτηΩϡϦςΟͷϕʔεϥΠϯ͸੔͖ͬͯͨ • େ͖ͳ੍໿ͱͳΔ PCI DSS ͷӡ༻΍؂ࠪ΋νʔϜͰରԠͰ͖͍ͯΔ • ࠓޙ͸ࣗಈԽͷਪਐ΍৽ٕज़ͷಋೖɺ͞ΒͳΔϦεΫܰݮࡦͷ࣮૷ΛਐΊΔ

    • ηΩϡϦςΟΛιϑτ΢ΣΞͰ࣮૷͍ͯ͘͠ɺ৭ʑͱָ͘͠ͳΔϑΣʔζ

  17. ࠓޙ΍͍͖͍ͬͯͨ͜ͱ • EC2 ΛՄೳͳݶΓഇࢭͯ͠ίϯςφ΁Ҡߦ (ਐߦத) • ηΩϡΞͰͳ͍ Go ͳͲͷίʔυͷࣗಈݕ஌ •

    ੬ऑੑ͓ΑͼαϓϥΠνΣʔϯؔ࿈ͷϞχλϦϯάͱͦͷରԠͷڧԽ • AWS ΍ GitHub ͳͲͷઃఆͷܧଓతͳݕূͱͦͷରԠͷࣗಈԽ • PCI DSS ͓ΑͼίϯϓϥΠΞϯεؔ࿈ӡ༻ͷࣗಈԽ • PCI DSS v4 ΁ͷ४ڌ

  18. Ұॹʹ΍Γ·ͤΜ͔ʂ https://team.kanmu.co.jp/

  19. Thanks!