Upgrade to Pro — share decks privately, control downloads, hide ads and more …

カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa Moto Ishizawa
September 30, 2022
Technology
1
2.9k

 カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa

Moto Ishizawa

September 30, 2022
Tweet

More Decks by Moto Ishizawa

See All by Moto Ishizawa
LLM エージェントを使った実験
Avatar for Moto Ishizawa summerwind
0
1.2k
Sharing test cases of internet protocols with Go and OCI Artifacts
Avatar for Moto Ishizawa summerwind
0
1.1k
Using Thanos as a long-term storage for your Prometheus metrics
Avatar for Moto Ishizawa summerwind
1
12k
Using Kubernetes as a datastore for SPIRE
Avatar for Moto Ishizawa summerwind
1
1.1k
Whitebox Controller
Avatar for Moto Ishizawa summerwind
5
1.8k
Managing Kubernetes manifests with Spruce
Avatar for Moto Ishizawa summerwind
2
4.3k
Understanding HTTP/2 prioritization
Avatar for Moto Ishizawa summerwind
16
6.3k
HTTP/2 Deep Dive: Priority & Server Push
Avatar for Moto Ishizawa summerwind
17
3.5k
HTTP/2 Server Push Considered Harmful
Avatar for Moto Ishizawa summerwind
1
2.1k

Other Decks in Technology

See All in Technology
Findy Freelance 利用シーン別AI活用例
Avatar for nesskazu ness
0
310
Serverless Meetup #21
Avatar for 吉田真吾 yoshidashingo
1
110
✨敗北解法コレクション✨〜Expertだった頃に足りなかった知識と技術〜
Avatar for nanachi nanachi
1
520
【CEDEC2025】現場を理解して実現!ゲーム開発を効率化するWebサービスの開発と、利用促進のための継続的な改善
Avatar for Cygames cygames
PRO
0
720
解消したはずが…技術と人間のエラーが交錯する恐怖体験
Avatar for Lamaglama39 lamaglama39
0
190
【OptimizationNight】数理最適化のラストワンマイルとしてのUIUX
Avatar for BrainPad brainpadpr
1
260
AI時代の経営、Bet AI Vision #BetAIDay
Avatar for LayerX layerx
PRO
1
1.8k
生成AI導入の効果を最大化する データ活用戦略
Avatar for ham ham0215
0
110
LLMでAI-OCR、実際どうなの? / llm_ai_ocr_layerx_bet_ai_day_lt
Avatar for sbrf248 sbrf248
0
430
「Roblox」の開発環境とその効率化 ~DAU9700万人超の巨大プラットフォームの開発 事始め~
Avatar for Keita Tanji keitatanji
0
110
Lambda management with ecspresso and Terraform
Avatar for Michael H. Oshita ijin
2
140
生成AI時代におけるAI・機械学習技術を用いたプロダクト開発の深化と進化 #BetAIDay
Avatar for LayerX layerx
PRO
1
1k

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
1k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
21k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.8k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
524
40k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.6k
Building an army of robots
Avatar for Kyle Neath kneath
306
45k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
86
4.8k
Making Projects Easy
Avatar for Brett Harned brettharned
117
6.3k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
32
8.8k

Transcript

  1. ΧϯϜʹ͓͚Δ ϓϩμΫτηΩϡϦςΟͷ ͜Ε·Ͱͱ͜Ε͔Β -BZFS9ͱ,BONV'JO5FDIελʔτΞοϓηΩϡϦςΟࣄ৘ 

  2. Moto Ishizawa Software Engineer, Kanmu, Inc.

  3. None

  4. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  5. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  6. ౰ॳͷঢ়گ • ϓϩμΫτ͸ʮόϯυϧΧʔυʯͷΈ • ܾࡁͷ࢓૊ΈΛఏڙ͍ͯ͠ΔͨΊɺηΩϡϦςΟ͸࠷΋ॏཁͳཁૉ • όοΫΤϯυΤϯδχΞ͸ CTO ΛؚΊͯ4ਓ •

    ϓϩμΫτηΩϡϦςΟͷྖҬ͸ओʹ CTO ͕୲౰ • ࠷ॳͷΠϯϑϥઐ೚ΤϯδχΞͱͯ͠ೖࣾ • AWS Կ΋Θ͔ΒΜϚϯ

  7. ͻͱ·ͣͷઓུ • ϓϩμΫτ։ൃʹࢀՃͯ͠γεςϜͷมߋϑϩʔΛ೺Ѳ͢Δ • AWS ͳͲͷΫϥ΢υαʔϏεͷ؅ཧऀݖݶΛ΋Β͍ར༻ঢ়گΛ೺Ѳ͢Δ • ։ൃ΍ӡ༻ʹؔΘΔ֤छαʔϏεͷݖݶ؅ཧͷঢ়گΛ೺Ѳ͢Δ • ηΩϡϦςΟ໘Ͱͷ੍໿Λ೺Ѳ͢Δ

  8. ݟ͖͑ͯͨ՝୊΍ϦεΫ • ຀Վతͳ AWS ͷ؅ཧ • ͍͋·͍ͳݖݶ؅ཧ΍มߋ؅ཧͷϓϩηε • ։ൃ࣌ظʹΑΓҟͳΔγεςϜߏ੒ •

    PCI DSS ʹΑΔ੍໿ͱଐਓతͳͦͷӡ༻ • Կ͔ى͖ͯ΋ؾ෇͚ͳ͍ɾௐࠪͰ͖ͳ͍ྖҬ͕͋Δ • ͳͲͳͲ…

  9. 1$*%44ͱ͸ • Payment Card Industry (PCI) ͱ͍͏ΫϨδοτΧʔυͷۀքஂମ͕ࡦఆͯ͠ ͍Δ Data Security

    Standard (DSS) ͱ͍͏ඪ४ͷ͜ͱ • Χʔυ৘ใΛద੾ʹ؅ཧ͢ΔͨΊͷηΩϡϦςΟج४͕ఆٛ͞Ε͍ͯΔ • ΧϯϜ͸ΫϨδοτΧʔυΛൃߦ͢Δཱ৔ͱͯ͠४ڌ͕ٻΊΒΕ͍ͯΔ • υΩϡϝϯτ͸ެࣜαΠτ͔Β୭Ͱ΋μ΢ϯϩʔυͰ͖Δ • https://www.pcisecuritystandards.org/document_library/

  10. վળํ਑ʮϕʔεϥΠϯΛ੔͑Δʯ • ઃఆͷ౷Ұ΍ΨόφϯεͷڧԽ • ϚωʔδυαʔϏεΛ׆༻ͨ͠γεςϜߏ੒ͷ੔ཧ • Կ͔͕ى͖ͯ΋ͦΕʹؾ͖ͮɺௐࠪͰ͖ΔΑ͏ʹ͢Δ (؂ࠪੑͷ޲্) • ࠷খݖݶͷݪଇʹै͏

    • CTO ʹλεΫ͕ूத͢Δঢ়ଶ͔Βͷ୤٫ • ։ൃऀͷମݧ΋Ұॹʹվળ͢Δ

  11. "84ͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • AWS Organization ͱ AWS SSO (AWS

    IAM Identity Center) ͷಋೖ • CloudTrail ͱ AWS Con fi g ͷ༗ޮԽͱϩάઐ༻ΞΧ΢ϯτͰͷҰݩ؅ཧ • GuardDuty ͱ Security Hub ͷಋೖ • վળޮՌ • ਺ଟ͘ଘࡏ͍ͯͨ͠ IAM User Λ׬શʹഇࢭ • SSO ʹΑΓෳ਺ͷ AWS ΞΧ΢ϯτ΁ͷϩάΠϯ͕༰қʹ • Կ͔ҟৗ͕͋ͬͯ΋ͦΕʹؾ͍ͮͯௐ͕ࠪͰ͖Δঢ়ଶʹ

  12. (JU)VCͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • ݖݶͷ୨Է͠ͱ Team ΍ Permission ͷ੔උ •

    CODEOWNERS ΍ Branch Protection ͷઃఆ • ࣗಈΞαΠϯ΍ Slack ௨஌ͷ༗ޮԽ • վળޮՌ • ѱҙͷ͋Δมߋ΍վ͟ΜΛ࠷௿ݶ๷ࢭ • มߋݖݶΛ࣋ͭਓͷ໌֬Խ • Slack Ͱ౎౓΍ΓͱΓ͍ͯͨ͠ϨϏϡʔґཔͷࣗಈԽ

  13. γεςϜߏ੒ͷվળྫ • ϚωʔδυαʔϏε΁ͷஔ͖׵͑΍ΞΫηε੍ޚͷݟ௚͠Λ࣮ࢪ • Session Manager Λಋೖ͠ɺ2िؒʹ1ճ͙Β͍յΕΔ LDAP Λൃഁղମ •

    Cloud One Λಋೖ͠ɺಠࣗӡ༻͍ͯͨ͠ OSSEC Λൃഁղମ • վળޮՌ • ӡ༻ෛՙͷܰݮ • ϞχλϦϯά͓Αͼ؂ࠪੑͷ޲্ • SSO ʹΑΓ EC2 Πϯελϯε΁ͷΞΫηε͕༰қʹ

  14. 1$*%44ؔ࿈ͷվળྫ • ཁ݅ͷཧղͱӡ༻໘ͷ੔උ • ؂ࠪʹରԠ͢ΔϝϯόʔͰશ12ཁ݅ͷಡΈ߹ΘͤձΛ࣮ࢪ • ఆظతʹඞཁͳӡ༻λεΫΛચ͍ग़͠ͱͦͷλεΫͷ࣮ࢪ • ཁ݅ͱ࣮ࡍͷγεςϜʹ͋Θͤͨࣾ಺ϙϦγʔͷݟ௚͠ •

    վળޮՌ • CTO ͕ରԠ͍ͯͨ͠ӡ༻ΛνʔϜͰͰ͖ΔΑ͏ʹͳͬͨ • 3.5ਓఔ౓Ͱ2ͭͷϓϩμΫτͷ PCI DSS ४ڌΛୡ੒

  15. ৽ϓϩμΫτ1PPMͷϦϦʔε • ϦϦʔεલʹϕʔεϥΠϯ͸੔͓͖͍͑ͯͨ • AWS ΍γεςϜશମͷઃఆͷϨϏϡʔ • PCI DSS ཁ݅ͷ४ڌʹؔΘΔઃఆͳͲͷϨϏϡʔ

    • όϯυϧΧʔυͰݟ͔ͭͬͨط஌ͷ੬ऑੑ౳ͷରԠ • վળޮՌ • ط஌ͷ੬ऑੑʹ͍ͭͯϦϦʔεલʹରࡦͰ͖ͨ • ϦϦʔε࣌ͷߏ੒Ͱ PCI DSS ͷ४ڌΛୡ੒

  16. ͜͜·Ͱͷঢ়گ • ϓϩμΫτηΩϡϦςΟͷϕʔεϥΠϯ͸੔͖ͬͯͨ • େ͖ͳ੍໿ͱͳΔ PCI DSS ͷӡ༻΍؂ࠪ΋νʔϜͰରԠͰ͖͍ͯΔ • ࠓޙ͸ࣗಈԽͷਪਐ΍৽ٕज़ͷಋೖɺ͞ΒͳΔϦεΫܰݮࡦͷ࣮૷ΛਐΊΔ

    • ηΩϡϦςΟΛιϑτ΢ΣΞͰ࣮૷͍ͯ͘͠ɺ৭ʑͱָ͘͠ͳΔϑΣʔζ

  17. ࠓޙ΍͍͖͍ͬͯͨ͜ͱ • EC2 ΛՄೳͳݶΓഇࢭͯ͠ίϯςφ΁Ҡߦ (ਐߦத) • ηΩϡΞͰͳ͍ Go ͳͲͷίʔυͷࣗಈݕ஌ •

    ੬ऑੑ͓ΑͼαϓϥΠνΣʔϯؔ࿈ͷϞχλϦϯάͱͦͷରԠͷڧԽ • AWS ΍ GitHub ͳͲͷઃఆͷܧଓతͳݕূͱͦͷରԠͷࣗಈԽ • PCI DSS ͓ΑͼίϯϓϥΠΞϯεؔ࿈ӡ༻ͷࣗಈԽ • PCI DSS v4 ΁ͷ४ڌ

  18. Ұॹʹ΍Γ·ͤΜ͔ʂ https://team.kanmu.co.jp/

  19. Thanks!