Trying out SDLC and testing for LLM-powered apps
mark t
July 17, 2025
SDLC includes testing, though...
Transcript
Trying out SDLC and testing for LLM-powered apps. 2025.07 markt, Security Team, primeNumber Inc.
2 markt, Security Engineer at primeNumber Inc. (@NKMGR_OldSchool). Was hoping Burp AI would somehow take care of it (it didn't).
Favorite cloud service: … Favorite vulnerability: none, and better not to have any.
3 Company overview: primeNumber Inc. (株式会社primeNumber). Representative director and CEO: [name garbled in source]. Founded 2015-11. 116 members. Cumulative funding: 34 [unit garbled in source]. Office: [...] 3-1-1, Tokyo, JR [...] Building 5F. (Labels: company name, representative, business, members, cumulative funding, office.) © primeNumber Inc.
4 Services primeNumber provides: to meet the needs of each phase of data management, we offer multiple SaaS products; combined with consulting services, we can support every phase in one stop. © primeNumber Inc.
(Phases: utilization, analysis, visualization, accumulation, integration, [...]) One-stop support from zero toward realizing data utilization: a cloud ETL service; an integration service specialized in executing data-driven measures; an AI data platform.
5 Are you embedding GenAI (LLM)? "We're going to build AI features with Bedrock (Claude)!" Design review, testing, monitoring and so on... what should we do about those... [word garbled in source]... me...
6 Expectations vs. reality of Secure SDLC for LLM-powered apps. 👍 OWASP Top 10 for LLM
Apps => useful for thinking about test methods, but there is no prompt you can use as-is. The prompt injection cheat sheets and similar material in circulation => little weight on attacks against web apps that use LLMs. Bedrock official docs => content on using Bedrock securely; Guardrails aim to prevent undesirable conversations. => No choice but to feel our way through the SDLC by hand... (Expectation: plenty of knowledge has accumulated and can be used as-is, right?)
7 Which attacks are we defending against? [...] tools / [...] tools / general Q. "Want to prevent abuse here." "Bedrock, take care of this part..."
In the end, basic threat modeling is effective: where are the important assets, and what would we hate to have done to them? DBs we don't want reached. Within the design, allowing (ending up allowing) the AI to play around. Design / Coding.
8 Let's lean on OWASP Top 10. OWASP Top 10 for LLM 2024
→ Changed considerably in 2025: - Prompt injection is becoming more sophisticated, and the countermeasures with it - Techniques targeting libraries have been strengthened - Awareness that system prompts should be assumed to leak - Keeping up with providers' [terms/spec] changes. As LLM accuracy (trust) rises -> the permissions they are given and the attack scenarios both increase. OWASP seems to be in trial-and-error mode: - Many related WGs are springing up https://genai.owasp.org/ - OWASP Global Slack https://join.slack.com/t/owasp/signup. [A checklist organized for the dev team]. Testing.
9 Building a prompt injector. I wanted a scan that loads prompts and simply pours them in so I can check (keeping a conversation going by hand is tedious / you forget what you've already tried...). ↓ Burp should have an extension for this... can AI Prompt Fuzzer be used?
↓ It sends payloads all at once and was not usable for conversations. ↓ → Ended up needing an extension of the extension. #Keep it at a PoC, think about contributing. - Preloaded prompts are inserted into a PLACEHOLDER and sent one at a time. - The response status from the AI is checked first, and only after confirmation can the next prompt be POSTed ✨ (improved). Testing.
Built a prompt injector, but... 10 Context is everything... - Publicly available prompts mainly attack the model. - With crude prompts like "ignore your restrictions",
Bedrock doesn't budge; or rather, targeting that yields little testing benefit. - Need to compare the tool-use scenarios against the actual data. Prompt suggestions by LLMs: - Have an AI that has read the code base think up prompts, and it produces detailed instructions (e.g. "specify a particular validation and disable it"). - It proposes instructions without any hesitation, such as generating massive amounts of data or deleting all logs.
11 Summary: the reality of Secure SDLC for LLM-powered apps. Design - Design review is highly effective (especially the first time) -
What is Amazon's, leave to Amazon (let them protect it) - Where do we send to the LLM from? (not only chat) - DoS is a very realistic risk - Legal review matters (what is sent to the LLM, and the terms of service). Coding / Testing - Trial and error seems to be the only way - Have an LLM think up prompts that attack LLMs (each vendor is presumably nurturing memory, so that agent should produce sharper prompts than a human) - Create an explainer doc for the Top 10 and have people picture what attacks could come at the design and implementation stages. Monitoring - [Difficult / costly] (especially inline blocking) - The "meaning" of instructions gets lost and the LLM acts on its own interpretation - Tagging and LLM observability tools look important.