Upgrade to Pro — share decks privately, control downloads, hide ads and more …

カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa Moto Ishizawa
September 30, 2022
Technology
3k
1

 カンムにおけるプロダクトセキュリティのこれまでとこれから

Avatar for Moto Ishizawa

Moto Ishizawa

September 30, 2022

More Decks by Moto Ishizawa

See All by Moto Ishizawa
LLM エージェントを使った実験
Avatar for Moto Ishizawa summerwind
0
1.4k
Sharing test cases of internet protocols with Go and OCI Artifacts
Avatar for Moto Ishizawa summerwind
0
1.2k
Using Thanos as a long-term storage for your Prometheus metrics
Avatar for Moto Ishizawa summerwind
1
13k
Using Kubernetes as a datastore for SPIRE
Avatar for Moto Ishizawa summerwind
1
1.2k
Whitebox Controller
Avatar for Moto Ishizawa summerwind
5
1.8k
Managing Kubernetes manifests with Spruce
Avatar for Moto Ishizawa summerwind
2
4.5k
Understanding HTTP/2 prioritization
Avatar for Moto Ishizawa summerwind
16
6.4k
HTTP/2 Deep Dive: Priority & Server Push
Avatar for Moto Ishizawa summerwind
17
3.7k
HTTP/2 Server Push Considered Harmful
Avatar for Moto Ishizawa summerwind
1
2.2k

Other Decks in Technology

See All in Technology
独断と偏見で試してみる、 シングル or マルチエージェント どっちがいいの?
Avatar for ShichijoYuhi shichijoyuhi
1
130
ハーネスエンジニアリングをやりすぎた話 ~そのハーネスは解体された~
Avatar for Gota gotalab555
5
1.8k
データ定義の混乱と戦う 〜 管理会計と財務会計 〜
Avatar for wonohe wonohe
0
150
AI時代における技術的負債への取り組み
Avatar for Tadashi Shigeoka codenote
1
1.7k
260422_Sansan_Tech_Talk__関西_vol.3_データ活用のリアル__矢田__.pdf
Avatar for SansanTech sansantech
PRO
0
120
AgentCore Managed Harness を使ってみよう
Avatar for やくも yakumo
2
230
M5Stack CoreS3とZephyr(RTOS)で Edge AIっぽいことしてみた
Avatar for misoji engineer iotengineer22
0
290
データを"持てない"環境でのアノテーション基盤設計
Avatar for SansanTech sansantech
PRO
1
140
Revisiting [CLS] and Patch Token Interaction in Vision Transformers
Avatar for yu4u yu4u
0
400
AIが盛んな時代に 技術記事を書き始めて起きた私の中での小さな変化
Avatar for 松尾淳平 peintangos
0
180
生成AIが変える SaaS の競争原理と弁護士ドットコムのプロダクト戦略
Avatar for 弁護士ドットコム bengo4com
1
2.3k
扱える不確実性を増やしていく - スタートアップEMが考える「任せ方」
Avatar for kadoppe kadoppe
0
320

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
49
9.9k
Building the Perfect Custom Keyboard
Avatar for Naoto Takai takai
2
730
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
11
900
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.6k
Done Done
Avatar for chrislema chrislema
186
16k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
110
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
274
21k
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.7k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon Słowik szymonslowik
1
1k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
7.2k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.2k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k

Transcript

  1. ΧϯϜʹ͓͚Δ ϓϩμΫτηΩϡϦςΟͷ ͜Ε·Ͱͱ͜Ε͔Β -BZFS9ͱ,BONV'JO5FDIελʔτΞοϓηΩϡϦςΟࣄ৘ 

  2. Moto Ishizawa Software Engineer, Kanmu, Inc.

  3. None

  4. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  5. ϓϩμΫτηΩϡϦςΟʜ 🤔 AWS API Go Python γεςϜߏ੒ ੬ऑੑ؅ཧ WAF Logging

    PCI DSS GitHub ݖݶ؅ཧ IAM VPC PKI TLS มߋ؅ཧ Monitoring σϓϩΠ ίϯςφ Linux Django

  6. ౰ॳͷঢ়گ • ϓϩμΫτ͸ʮόϯυϧΧʔυʯͷΈ • ܾࡁͷ࢓૊ΈΛఏڙ͍ͯ͠ΔͨΊɺηΩϡϦςΟ͸࠷΋ॏཁͳཁૉ • όοΫΤϯυΤϯδχΞ͸ CTO ΛؚΊͯ4ਓ •

    ϓϩμΫτηΩϡϦςΟͷྖҬ͸ओʹ CTO ͕୲౰ • ࠷ॳͷΠϯϑϥઐ೚ΤϯδχΞͱͯ͠ೖࣾ • AWS Կ΋Θ͔ΒΜϚϯ

  7. ͻͱ·ͣͷઓུ • ϓϩμΫτ։ൃʹࢀՃͯ͠γεςϜͷมߋϑϩʔΛ೺Ѳ͢Δ • AWS ͳͲͷΫϥ΢υαʔϏεͷ؅ཧऀݖݶΛ΋Β͍ར༻ঢ়گΛ೺Ѳ͢Δ • ։ൃ΍ӡ༻ʹؔΘΔ֤छαʔϏεͷݖݶ؅ཧͷঢ়گΛ೺Ѳ͢Δ • ηΩϡϦςΟ໘Ͱͷ੍໿Λ೺Ѳ͢Δ

  8. ݟ͖͑ͯͨ՝୊΍ϦεΫ • ຀Վతͳ AWS ͷ؅ཧ • ͍͋·͍ͳݖݶ؅ཧ΍มߋ؅ཧͷϓϩηε • ։ൃ࣌ظʹΑΓҟͳΔγεςϜߏ੒ •

    PCI DSS ʹΑΔ੍໿ͱଐਓతͳͦͷӡ༻ • Կ͔ى͖ͯ΋ؾ෇͚ͳ͍ɾௐࠪͰ͖ͳ͍ྖҬ͕͋Δ • ͳͲͳͲ…

  9. 1$*%44ͱ͸ • Payment Card Industry (PCI) ͱ͍͏ΫϨδοτΧʔυͷۀքஂମ͕ࡦఆͯ͠ ͍Δ Data Security

    Standard (DSS) ͱ͍͏ඪ४ͷ͜ͱ • Χʔυ৘ใΛద੾ʹ؅ཧ͢ΔͨΊͷηΩϡϦςΟج४͕ఆٛ͞Ε͍ͯΔ • ΧϯϜ͸ΫϨδοτΧʔυΛൃߦ͢Δཱ৔ͱͯ͠४ڌ͕ٻΊΒΕ͍ͯΔ • υΩϡϝϯτ͸ެࣜαΠτ͔Β୭Ͱ΋μ΢ϯϩʔυͰ͖Δ • https://www.pcisecuritystandards.org/document_library/

  10. վળํ਑ʮϕʔεϥΠϯΛ੔͑Δʯ • ઃఆͷ౷Ұ΍ΨόφϯεͷڧԽ • ϚωʔδυαʔϏεΛ׆༻ͨ͠γεςϜߏ੒ͷ੔ཧ • Կ͔͕ى͖ͯ΋ͦΕʹؾ͖ͮɺௐࠪͰ͖ΔΑ͏ʹ͢Δ (؂ࠪੑͷ޲্) • ࠷খݖݶͷݪଇʹै͏

    • CTO ʹλεΫ͕ूத͢Δঢ়ଶ͔Βͷ୤٫ • ։ൃऀͷମݧ΋Ұॹʹվળ͢Δ

  11. "84ͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • AWS Organization ͱ AWS SSO (AWS

    IAM Identity Center) ͷಋೖ • CloudTrail ͱ AWS Con fi g ͷ༗ޮԽͱϩάઐ༻ΞΧ΢ϯτͰͷҰݩ؅ཧ • GuardDuty ͱ Security Hub ͷಋೖ • վળޮՌ • ਺ଟ͘ଘࡏ͍ͯͨ͠ IAM User Λ׬શʹഇࢭ • SSO ʹΑΓෳ਺ͷ AWS ΞΧ΢ϯτ΁ͷϩάΠϯ͕༰қʹ • Կ͔ҟৗ͕͋ͬͯ΋ͦΕʹؾ͍ͮͯௐ͕ࠪͰ͖Δঢ়ଶʹ

  12. (JU)VCͷվળྫ • ϕετϓϥΫςΟεʹجͮ͘ઃఆͷಋೖ • ݖݶͷ୨Է͠ͱ Team ΍ Permission ͷ੔උ •

    CODEOWNERS ΍ Branch Protection ͷઃఆ • ࣗಈΞαΠϯ΍ Slack ௨஌ͷ༗ޮԽ • վળޮՌ • ѱҙͷ͋Δมߋ΍վ͟ΜΛ࠷௿ݶ๷ࢭ • มߋݖݶΛ࣋ͭਓͷ໌֬Խ • Slack Ͱ౎౓΍ΓͱΓ͍ͯͨ͠ϨϏϡʔґཔͷࣗಈԽ

  13. γεςϜߏ੒ͷվળྫ • ϚωʔδυαʔϏε΁ͷஔ͖׵͑΍ΞΫηε੍ޚͷݟ௚͠Λ࣮ࢪ • Session Manager Λಋೖ͠ɺ2िؒʹ1ճ͙Β͍յΕΔ LDAP Λൃഁղମ •

    Cloud One Λಋೖ͠ɺಠࣗӡ༻͍ͯͨ͠ OSSEC Λൃഁղମ • վળޮՌ • ӡ༻ෛՙͷܰݮ • ϞχλϦϯά͓Αͼ؂ࠪੑͷ޲্ • SSO ʹΑΓ EC2 Πϯελϯε΁ͷΞΫηε͕༰қʹ

  14. 1$*%44ؔ࿈ͷվળྫ • ཁ݅ͷཧղͱӡ༻໘ͷ੔උ • ؂ࠪʹରԠ͢ΔϝϯόʔͰશ12ཁ݅ͷಡΈ߹ΘͤձΛ࣮ࢪ • ఆظతʹඞཁͳӡ༻λεΫΛચ͍ग़͠ͱͦͷλεΫͷ࣮ࢪ • ཁ݅ͱ࣮ࡍͷγεςϜʹ͋Θͤͨࣾ಺ϙϦγʔͷݟ௚͠ •

    վળޮՌ • CTO ͕ରԠ͍ͯͨ͠ӡ༻ΛνʔϜͰͰ͖ΔΑ͏ʹͳͬͨ • 3.5ਓఔ౓Ͱ2ͭͷϓϩμΫτͷ PCI DSS ४ڌΛୡ੒

  15. ৽ϓϩμΫτ1PPMͷϦϦʔε • ϦϦʔεલʹϕʔεϥΠϯ͸੔͓͖͍͑ͯͨ • AWS ΍γεςϜશମͷઃఆͷϨϏϡʔ • PCI DSS ཁ݅ͷ४ڌʹؔΘΔઃఆͳͲͷϨϏϡʔ

    • όϯυϧΧʔυͰݟ͔ͭͬͨط஌ͷ੬ऑੑ౳ͷରԠ • վળޮՌ • ط஌ͷ੬ऑੑʹ͍ͭͯϦϦʔεલʹରࡦͰ͖ͨ • ϦϦʔε࣌ͷߏ੒Ͱ PCI DSS ͷ४ڌΛୡ੒

  16. ͜͜·Ͱͷঢ়گ • ϓϩμΫτηΩϡϦςΟͷϕʔεϥΠϯ͸੔͖ͬͯͨ • େ͖ͳ੍໿ͱͳΔ PCI DSS ͷӡ༻΍؂ࠪ΋νʔϜͰରԠͰ͖͍ͯΔ • ࠓޙ͸ࣗಈԽͷਪਐ΍৽ٕज़ͷಋೖɺ͞ΒͳΔϦεΫܰݮࡦͷ࣮૷ΛਐΊΔ

    • ηΩϡϦςΟΛιϑτ΢ΣΞͰ࣮૷͍ͯ͘͠ɺ৭ʑͱָ͘͠ͳΔϑΣʔζ

  17. ࠓޙ΍͍͖͍ͬͯͨ͜ͱ • EC2 ΛՄೳͳݶΓഇࢭͯ͠ίϯςφ΁Ҡߦ (ਐߦத) • ηΩϡΞͰͳ͍ Go ͳͲͷίʔυͷࣗಈݕ஌ •

    ੬ऑੑ͓ΑͼαϓϥΠνΣʔϯؔ࿈ͷϞχλϦϯάͱͦͷରԠͷڧԽ • AWS ΍ GitHub ͳͲͷઃఆͷܧଓతͳݕূͱͦͷରԠͷࣗಈԽ • PCI DSS ͓ΑͼίϯϓϥΠΞϯεؔ࿈ӡ༻ͷࣗಈԽ • PCI DSS v4 ΁ͷ४ڌ

  18. Ұॹʹ΍Γ·ͤΜ͔ʂ https://team.kanmu.co.jp/

  19. Thanks!