Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PCI DSS v 3.2に対する対応
Search
benzookapi
May 12, 2016
Technology
2
2.4k
PCI DSS v 3.2に対する対応
@ Security Night #1 2016.5.11
http://secnight.connpass.com/event/30672/
benzookapi
May 12, 2016
Tweet
Share
More Decks by benzookapi
See All by benzookapi
技術をお金と貢献に変える、Shopifyテーマとアプリの開発
benzookapi
1
1.9k
Shopify Storefront APIを使った PWA e-commerceの解説とデモ
benzookapi
0
410
DevRel for tech. entrepreneurs: Beyond platform partners
benzookapi
0
110
Shopifyを使ったヘッドレスコマースの 実現方法と事例
benzookapi
0
150
React + GraphQL を使ったShopify Appの作り方と そのマネタイズ方法
benzookapi
1
1.2k
Shopifyアプリエコシステムで始める 第3のスキルマネタイズ
benzookapi
0
4k
Tech. Blog TIPS
benzookapi
0
250
Our new DevRel: Invention of scaling out partner ecosystem
benzookapi
0
250
WordPressとShopifyでECサイトを作ろう
benzookapi
0
1k
Other Decks in Technology
See All in Technology
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
Terraform Stacks入門 #HashiTalks
msato
0
350
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
160
AIチャットボット開発への生成AI活用
ryomrt
0
170
Engineer Career Talk
lycorp_recruit_jp
0
170
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
320
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
320
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
180
Featured
See All Featured
A designer walks into a library…
pauljervisheath
204
24k
Building Applications with DynamoDB
mza
90
6.1k
What's in a price? How to price your products and services
michaelherold
243
12k
Why Our Code Smells
bkeepers
PRO
334
57k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
YesSQL, Process and Tooling at Scale
rocio
169
14k
A Tale of Four Properties
chriscoyier
156
23k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Visualization
eitanlees
145
15k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Into the Great Unknown - MozCon
thekraken
32
1.5k
The Invisible Side of Design
smashingmag
298
50k
Transcript
PCI DSS v 3.2ʹର͢ΔରԠ Junichi Okamura @ Security Night #1
2016.5.11
Who am I? • Junichi Okamura @benzookapi • API Lover/Midnight
Creator/TDD (Talk Driven Development) Advocator • Rock/Wine/DQ/JOJO/I18N/Marketing/Payment • Scala/Java/Ruby/Python/Node.js/PHP/Mobile/Unity/../ppt
Today’s Topic PCI DSSͷΜΘΓઆ໌ͱɺ ͱ͋ΔFinTechاۀͷରԠʹ͍ͭͯ
PCI DSSͱʁ Payment Card Industry Data Security Standardͷུɻ ࠃࡍϖΠϝϯτϒϥϯυ5͕ࣾڞಉͰࡦఆͨ͠ɺ ΫϨδοτۀքʹ͓͚ΔάϩʔόϧηΩϡϦςΟج४ɻ
PCI SSCʹΑͬͯཧɻ
PCI SSCͱʁ Payment Card Industry Security Standards Councilͷུɻ લग़̑ࣾͰઃཱͨ͠ηΩϡϦςΟཧஂମɻ
ͬ͘͟Γݴ͏ͱ ΫϨδοτΧʔυΛѻ͏ۀऀ͕औಘ͖͢ηΩϡϦςΟن֨
͞Βʹݴ͏ͱ ΫϨδοτΧʔυใ͕̍ճͰૹ͢ΔՄೳੑͷ͋ΔۀऀऔΒͳ ͍ͱμϝͳͷͰ͢ɻʢຊདྷʣ
PCI DSSͷओཁ߲ ҆શͳωοτϫʔΫͷߏஙɾҡ࣋ Χʔυձһσʔλͷอޢ ੬ऑੑΛཧ͢ΔϓϩάϥϜͷඋ ڧݻͳΞΫηε੍ޚख๏ͷಋೖ ఆظతͳωοτϫʔΫͷࢹ͓Αͼςετ ใηΩϡϦςΟɾϙϦγʔͷඋ ʢ࣮ࡍͷ͘͢͝ࡉԽ͞Εఆٛ͞Ε͍ͯ·͢ʣ
PCI DSSͷऔಘํ๏ ථʹΑΔࣗݾஅ ੬ऑੑεΩϟχϯάςετ ๚ௐࠪ ʢ࣮ࡍΫϨδοτΧʔυͷѻ͍ํͰϨϕϧ͚͞Ε͍ͯ·͢ʣ
PCI DSSͷऔಘίετ औಘ͢ΔϨϕϧʹΑΓ·͕͢ɺ ௨ৗؒඦສ͙Β͍͔͔Γ·͢ɻ
PCI DSSΛऔΒͳ͍ͱͲ͏ͳΔͷʁ ΧʔυܾࡁΛड͚͚Δ͜ͱͰ͖·ͤΜ ʢຊདྷʣ
࣮… ܾࡁߦࢿۚҠಈۀऀͳͲ͕औಘ͍ͯͯ͠ɺ Χʔυใ൴Β͕ѻ͏ͷͰɺ Ұൠͷۀऀ൴ΒΛհͯ͠ΧʔυܾࡁΛड͚Δ͜ͱ͕Ͱ͖·͢
PCI DSSͷৄࡉʹ͍ͭͯ ࣍ճҎ߱ͰಛूΉ༧ఆͰ͢ ࠓ͜ͷลͰצห
PCI DSSͷόʔδϣϯ 200412݄ ੍ఆ 20069݄ v 1.1 200810݄ v1.2 ->
v 2.0 201312݄ v 3.0 20154݄ v 3.1 20164݄ v 3.2 (࠷৽ʣ
࠷৽൛ v 3.2ʹ͍ͭͯ v 3.0 ͔Βͷओͳมߋɿ TLS 1.1Ҏ্ͷ௨৴Λαϙʔτ͠ͳ͍͞ʢ20166݄30·Ͱʹʣ SSL/TLS 1.0ͷ௨৴ΛແޮԽ͠ͳ͍͞ʢ20186݄30·Ͱʹʣ
ͭ·Γ 20166݄30Ҏ߱ʹTLS1.1Λαϙʔτ͍ͯ͠ͳ͍ۀऀ 20186݄30Ҏ߱ʹSSl/TLS1.0Λαϙʔτ͍ͯ͠Δۀऀ ʹ PCI DSSΛണୣ͞ΕΔʁʢͣʣ
SSLʁTLSʁ ͍͖ͳΓࠓͷςʔϚʹ͍͖ۙͮͯ·ͨ͠
ͳͥ͜Μͳมߋ͕ͳ͞Εͨͷ͔ʁ ͜͜Ͱͪΐͬͱࢥ͍ग़ͯ͠Έ·͠ΐ͏
ࡢࠓͷOSSͷ੬ऑੑͷൃ֮ Heartbleedʢ20144݄ʣ POODLEʢ201410݄ʣ Logjamʢ20155݄ʣ … ଟ༰Α͘Θ͔Βͳͯ͘ฉ͍ͨ͜ͱ͋Δͣ
҆શͳωοτϫʔΫͷߏஙɾҡ࣋ ͜ͷେલఏ͕͜ͷ··ͩͱڴ͔͞ΕΔ ͦΕΛ્ࢭ͢ΔͨΊͷߋ৽
PCI DSSΛऔಘ͍ͯ͠ΔاۀͷରԠ ΓFinTechاۀ͕Ұ൪හײ
FinTechاۀҐ֎ؔͳ͍ʁ ͦ͏Ͱ͋Γ·ͤΜ ݸਓใͳͲ༷ʑͳηϯγςΟϒใΛѻ͏େاۀ PCI DSSΛऔಘ͍ͯ͠Δ͜ͱ͕ଟ͍Ͱ͢ ʢྫɿAWS͞Μͱ͔ʣ ͦͦηΩϡϦςΟશͯͷαʔϏεʹେࣄ
FinTechاۀͷରԠྫ
PayPalͷࣄྫ PCI DSS v3.2Ҏ֎ͷͷؚΜͰ ηΩϡϦςΟܭըͱͯ͠άϩʔόϧͰ࣮ࢪ
ରԠ߲ SSLূ໌ॻͷΞοϓάϨʔυʢVeriSign G5ʣ TLS1.2/HTTP1.1ͷΞοϓάϨʔυ γεςϜؒ௨৴ͷHTTPͷഇࢭ ClassicɹAPIͷGETഇࢭʢRESTআ͘ʣ ͦͷଞ…
ৄࡉʢϚΠΫϩαΠτʣ https://www.paypal-knowledge.com/infocenter/index? page=content&id=FAQ1913&expand=true&locale=ja_JP
։ൃऀ͚ηΩϡϦςΟΨΠυϥΠϯ https://developer.paypal.com/docs/classic/lifecycle/info-security- guidelines/
ͳͥʢલͯ͠͠·ͰʣΔ͔ʁ FinTechاۀͱͯ͠ͷ҆શɾ҆શͷͨΊ
Thank You Junichi Okamura @ Security Night #1 2016.5.11