Upgrade to Pro — share decks privately, control downloads, hide ads and more …

カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa Moto Ishizawa
September 30, 2022
Technology
1
2.8k

 カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa

Moto Ishizawa

September 30, 2022
Tweet

More Decks by Moto Ishizawa

See All by Moto Ishizawa
LLM エージェントを使った実験
Avatar for Moto Ishizawa summerwind
0
1.2k
Sharing test cases of internet protocols with Go and OCI Artifacts
Avatar for Moto Ishizawa summerwind
0
1.1k
Using Thanos as a long-term storage for your Prometheus metrics
Avatar for Moto Ishizawa summerwind
1
12k
Using Kubernetes as a datastore for SPIRE
Avatar for Moto Ishizawa summerwind
1
1.1k
Whitebox Controller
Avatar for Moto Ishizawa summerwind
5
1.8k
Managing Kubernetes manifests with Spruce
Avatar for Moto Ishizawa summerwind
2
4.3k
Understanding HTTP/2 prioritization
Avatar for Moto Ishizawa summerwind
16
6.3k
HTTP/2 Deep Dive: Priority & Server Push
Avatar for Moto Ishizawa summerwind
17
3.5k
HTTP/2 Server Push Considered Harmful
Avatar for Moto Ishizawa summerwind
1
2.1k

Other Decks in Technology

See All in Technology
研究開発部メンバーの働き⽅ / Sansan R&D Profile
Avatar for Sansan, Inc. sansan33
PRO
3
18k
ビジネス職が分析も担う事業部制組織でのデータ活用の仕組みづくり / Enabling Data Analytics in Business-Led Divisional Organizations
Avatar for Hiroka Zaitsu zaimy
1
400
対話型音声AIアプリケーションの信頼性向上の取り組み
Avatar for 株式会社IVRy(社員登壇資料) ivry_presentationmaterials
3
1.1k
How Do I Contact Jetblue Airlines® Reservation Number: Fast Support Guide
Avatar for John thejetblueairhelpsupport
0
150
毎晩の 負荷試験自動実行による効果
Avatar for Recruit recruitengineers
PRO
5
180
MCP とマネージド PaaS で実現する大規模 AI アプリケーションの高速開発
Avatar for Nahoko Ushirokawa nahokoxxx
1
390
LLM拡張解体新書/llm-extension-deep-dive
Avatar for oracle4engineer oracle4engineer
PRO
24
6.5k
データ駆動経営の道しるべ:プロダクト開発指標の戦略的活用法
Avatar for ham ham0215
2
140
OpenTelemetryセマンティック規約の恩恵とMackerel APMにおける活用例 / SRE NEXT 2025
Avatar for mackerelio mackerelio
3
2k
全部AI、全員Cursor、ドキュメント駆動開発 〜DevinやGeminiも添えて〜
Avatar for Masaya Hayashi rinchsan
10
5.2k
アクセスピークを制するオートスケール再設計: 障害を乗り越えKEDAで実現したリソース管理の最適化
Avatar for M-Yamashita myamashii
1
710
AIでテストプロセス自動化に挑戦する
Avatar for K_SAK sakatakazunori
1
560

Featured

See All Featured
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
Scaling GitHub
Avatar for Zach Holman holman
460
140k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
48
2.9k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
8
340
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
35
6.7k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
26k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k

Transcript

  1. ΧϯϜʹ͓͚Δ ϓϩμΫτηΩϡϦςΟͷ ͜Ε·Ͱͱ͜Ε͔Β -BZFS9ͱ,BONV'JO5FDIελʔτΞοϓηΩϡϦςΟࣄ৘ 

  2. Moto Ishizawa Software Engineer, Kanmu, Inc.

  3. None

  4. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  5. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  6. ౰ॳͷঢ়گ • ϓϩμΫτ͸ʮόϯυϧΧʔυʯͷΈ • ܾࡁͷ࢓૊ΈΛఏڙ͍ͯ͠ΔͨΊɺηΩϡϦςΟ͸࠷΋ॏཁͳཁૉ • όοΫΤϯυΤϯδχΞ͸ CTO ΛؚΊͯ4ਓ •

    ϓϩμΫτηΩϡϦςΟͷྖҬ͸ओʹ CTO ͕୲౰ • ࠷ॳͷΠϯϑϥઐ೚ΤϯδχΞͱͯ͠ೖࣾ • AWS Կ΋Θ͔ΒΜϚϯ

  7. ͻͱ·ͣͷઓུ • ϓϩμΫτ։ൃʹࢀՃͯ͠γεςϜͷมߋϑϩʔΛ೺Ѳ͢Δ • AWS ͳͲͷΫϥ΢υαʔϏεͷ؅ཧऀݖݶΛ΋Β͍ར༻ঢ়گΛ೺Ѳ͢Δ • ։ൃ΍ӡ༻ʹؔΘΔ֤छαʔϏεͷݖݶ؅ཧͷঢ়گΛ೺Ѳ͢Δ • ηΩϡϦςΟ໘Ͱͷ੍໿Λ೺Ѳ͢Δ

  8. ݟ͖͑ͯͨ՝୊΍ϦεΫ • ຀Վతͳ AWS ͷ؅ཧ • ͍͋·͍ͳݖݶ؅ཧ΍มߋ؅ཧͷϓϩηε • ։ൃ࣌ظʹΑΓҟͳΔγεςϜߏ੒ •

    PCI DSS ʹΑΔ੍໿ͱଐਓతͳͦͷӡ༻ • Կ͔ى͖ͯ΋ؾ෇͚ͳ͍ɾௐࠪͰ͖ͳ͍ྖҬ͕͋Δ • ͳͲͳͲ…

  9. 1$*%44ͱ͸ • Payment Card Industry (PCI) ͱ͍͏ΫϨδοτΧʔυͷۀքஂମ͕ࡦఆͯ͠ ͍Δ Data Security

    Standard (DSS) ͱ͍͏ඪ४ͷ͜ͱ • Χʔυ৘ใΛద੾ʹ؅ཧ͢ΔͨΊͷηΩϡϦςΟج४͕ఆٛ͞Ε͍ͯΔ • ΧϯϜ͸ΫϨδοτΧʔυΛൃߦ͢Δཱ৔ͱͯ͠४ڌ͕ٻΊΒΕ͍ͯΔ • υΩϡϝϯτ͸ެࣜαΠτ͔Β୭Ͱ΋μ΢ϯϩʔυͰ͖Δ • https://www.pcisecuritystandards.org/document_library/

  10. վળํ਑ʮϕʔεϥΠϯΛ੔͑Δʯ • ઃఆͷ౷Ұ΍ΨόφϯεͷڧԽ • ϚωʔδυαʔϏεΛ׆༻ͨ͠γεςϜߏ੒ͷ੔ཧ • Կ͔͕ى͖ͯ΋ͦΕʹؾ͖ͮɺௐࠪͰ͖ΔΑ͏ʹ͢Δ (؂ࠪੑͷ޲্) • ࠷খݖݶͷݪଇʹै͏

    • CTO ʹλεΫ͕ूத͢Δঢ়ଶ͔Βͷ୤٫ • ։ൃऀͷମݧ΋Ұॹʹվળ͢Δ

  11. "84ͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • AWS Organization ͱ AWS SSO (AWS

    IAM Identity Center) ͷಋೖ • CloudTrail ͱ AWS Con fi g ͷ༗ޮԽͱϩάઐ༻ΞΧ΢ϯτͰͷҰݩ؅ཧ • GuardDuty ͱ Security Hub ͷಋೖ • վળޮՌ • ਺ଟ͘ଘࡏ͍ͯͨ͠ IAM User Λ׬શʹഇࢭ • SSO ʹΑΓෳ਺ͷ AWS ΞΧ΢ϯτ΁ͷϩάΠϯ͕༰қʹ • Կ͔ҟৗ͕͋ͬͯ΋ͦΕʹؾ͍ͮͯௐ͕ࠪͰ͖Δঢ়ଶʹ

  12. (JU)VCͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • ݖݶͷ୨Է͠ͱ Team ΍ Permission ͷ੔උ •

    CODEOWNERS ΍ Branch Protection ͷઃఆ • ࣗಈΞαΠϯ΍ Slack ௨஌ͷ༗ޮԽ • վળޮՌ • ѱҙͷ͋Δมߋ΍վ͟ΜΛ࠷௿ݶ๷ࢭ • มߋݖݶΛ࣋ͭਓͷ໌֬Խ • Slack Ͱ౎౓΍ΓͱΓ͍ͯͨ͠ϨϏϡʔґཔͷࣗಈԽ

  13. γεςϜߏ੒ͷվળྫ • ϚωʔδυαʔϏε΁ͷஔ͖׵͑΍ΞΫηε੍ޚͷݟ௚͠Λ࣮ࢪ • Session Manager Λಋೖ͠ɺ2िؒʹ1ճ͙Β͍յΕΔ LDAP Λൃഁղମ •

    Cloud One Λಋೖ͠ɺಠࣗӡ༻͍ͯͨ͠ OSSEC Λൃഁղମ • վળޮՌ • ӡ༻ෛՙͷܰݮ • ϞχλϦϯά͓Αͼ؂ࠪੑͷ޲্ • SSO ʹΑΓ EC2 Πϯελϯε΁ͷΞΫηε͕༰қʹ

  14. 1$*%44ؔ࿈ͷվળྫ • ཁ݅ͷཧղͱӡ༻໘ͷ੔උ • ؂ࠪʹରԠ͢ΔϝϯόʔͰશ12ཁ݅ͷಡΈ߹ΘͤձΛ࣮ࢪ • ఆظతʹඞཁͳӡ༻λεΫΛચ͍ग़͠ͱͦͷλεΫͷ࣮ࢪ • ཁ݅ͱ࣮ࡍͷγεςϜʹ͋Θͤͨࣾ಺ϙϦγʔͷݟ௚͠ •

    վળޮՌ • CTO ͕ରԠ͍ͯͨ͠ӡ༻ΛνʔϜͰͰ͖ΔΑ͏ʹͳͬͨ • 3.5ਓఔ౓Ͱ2ͭͷϓϩμΫτͷ PCI DSS ४ڌΛୡ੒

  15. ৽ϓϩμΫτ1PPMͷϦϦʔε • ϦϦʔεલʹϕʔεϥΠϯ͸੔͓͖͍͑ͯͨ • AWS ΍γεςϜશମͷઃఆͷϨϏϡʔ • PCI DSS ཁ݅ͷ४ڌʹؔΘΔઃఆͳͲͷϨϏϡʔ

    • όϯυϧΧʔυͰݟ͔ͭͬͨط஌ͷ੬ऑੑ౳ͷରԠ • վળޮՌ • ط஌ͷ੬ऑੑʹ͍ͭͯϦϦʔεલʹରࡦͰ͖ͨ • ϦϦʔε࣌ͷߏ੒Ͱ PCI DSS ͷ४ڌΛୡ੒

  16. ͜͜·Ͱͷঢ়گ • ϓϩμΫτηΩϡϦςΟͷϕʔεϥΠϯ͸੔͖ͬͯͨ • େ͖ͳ੍໿ͱͳΔ PCI DSS ͷӡ༻΍؂ࠪ΋νʔϜͰରԠͰ͖͍ͯΔ • ࠓޙ͸ࣗಈԽͷਪਐ΍৽ٕज़ͷಋೖɺ͞ΒͳΔϦεΫܰݮࡦͷ࣮૷ΛਐΊΔ

    • ηΩϡϦςΟΛιϑτ΢ΣΞͰ࣮૷͍ͯ͘͠ɺ৭ʑͱָ͘͠ͳΔϑΣʔζ

  17. ࠓޙ΍͍͖͍ͬͯͨ͜ͱ • EC2 ΛՄೳͳݶΓഇࢭͯ͠ίϯςφ΁Ҡߦ (ਐߦத) • ηΩϡΞͰͳ͍ Go ͳͲͷίʔυͷࣗಈݕ஌ •

    ੬ऑੑ͓ΑͼαϓϥΠνΣʔϯؔ࿈ͷϞχλϦϯάͱͦͷରԠͷڧԽ • AWS ΍ GitHub ͳͲͷઃఆͷܧଓతͳݕূͱͦͷରԠͷࣗಈԽ • PCI DSS ͓ΑͼίϯϓϥΠΞϯεؔ࿈ӡ༻ͷࣗಈԽ • PCI DSS v4 ΁ͷ४ڌ

  18. Ұॹʹ΍Γ·ͤΜ͔ʂ https://team.kanmu.co.jp/

  19. Thanks!