Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
LLM-powered AppのSDLCとテストにトライしてみる
Search
mark t
July 17, 2025
0
240
LLM-powered AppのSDLCとテストにトライしてみる
SDLC includes testing, though...
mark t
July 17, 2025
Tweet
Share
More Decks by mark t
See All by mark t
SOC 2はサイバーディフェンスに役立つか? (SOC2ゆるミートアップ#2)
marktshr
2
310
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Discover your Explorer Soul
emna__ayadi
2
1.1k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
420
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
250
The Spectacular Lies of Maps
axbom
PRO
1
520
Paper Plane
katiecoart
PRO
0
46k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
110
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
0
3.4k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
130
Producing Creativity
orderedlist
PRO
348
40k
The Cult of Friendly URLs
andyhume
79
6.8k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
62
50k
Transcript
LLM-powered AppͷSDLCͱςετʹ τϥΠͯ͠ΈΔ 2025.07 markt, Security Team, primeNumber Inc.
2 markt Security Engineer at primeNumber Inc. (@NKMGR_OldSchool) BurpAIͰͳΜͱ͔ͳΕʔ (ͳΒͳ͔ͬͨ)
͖ͳΫϥυαʔϏε : … ͖ͳ੬ऑੑ : ͳ͍Α, ͳ͍΄͏͕ྑ͍Α
ձࣾ֓ཁ 3 גࣜձࣾprimeNumber දऔకCEO ాᬑ ༤थ 201511݄ 116໊ 34ԯԁ ౦ژ্۠େ࡚3ஸ1൪1߸
JR౦ٸࠇϏϧ5F ձ໊ࣾ ද ۀ ϝϯόʔ ྦྷܭௐୡֹ ΦϑΟε © primeNumber Inc.
4 primeNumber͕ఏڙ͢ΔαʔϏε σʔλϚωδϝϯτ֤ϑΣʔζͷ՝ʹԠ͑Δ͘ɺෳͷSaaSΛఏڙ͍ͯ͠·͢ɻ ·ͨɺίϯαϧςΟϯάαʔϏεɺͯ͢ͷϑΣʔζΛϫϯετοϓͰࢧԉՄೳͰ͢ɻ © primeNumber Inc. ׆༻ ੳ ՄࢹԽ
ੵ ౷߹ ࡏ σʔλར׆༻ͷ࣮ݱʹ͚ͨ θϩ͔ΒͷεςοϓΛϫϯετοϓͰαϙʔτ ΫϥυETLαʔϏε σʔλΛ׆༻ͨ͠ࢪࡦ࣮ߦʹ ಛԽͨ͠࿈ܞαʔϏε AI σʔλϓϥοτϑΥʔϜ
5 GenAI(LLM)ΈࠐΜͰ·͔͢? Bedrock (Claude)Λͬͯ AIػೳΛ࣮͢Δͧ! σβΠϯϨϏϡʔͱ͔ςετ ͱ͔ࢹͱ͔Ͳ͏͠Α͏͔… ͋Δ… me…
6 LLM-powered AppͷSecure SDLCͷظͱݱ࣮ 👍 OWASP Top 10 for LLM
Apps => ςετख๏Λߟ͑Δͷʹʹཱͬͨ ͦͷ··͑Δprompt͕͋ΔΘ͚Ͱͳ͍ ग़ճ͍ͬͯΔprompt injectionଞͷcheat sheet => LLMΛ͏web appͷ߈ܸʹweight͕ͳ͍ Bedrockެࣜdocs => BedrockΛηΩϡΞʹ͏ͨΊͷ༰ Guardrail·͘͠ͳ͍ձΛ͙త => SDLCख୳ΓͰΔ͔͠ͳ͍… ेݟཷ·͍ͬͯͯ ͦͷ··͑ΔͷͰ?
7 Ͳ͜ͷ߈ܸΛ͙ͷ͔ ෦tool ෦tool general Q ͜͜ͷѱ༻ ͍͗ͨ ͜͜Bedrock ΑΖ͘͠…
݁ہͲ͜ʹॏཁͳࢿ࢈͕͋Δ͔ɺ Ͳ͏͞ΕͨΒݏ͔ͱ͍͏ جຊతͳڴҖϞσϦϯά༗ޮ ౸ୡ͞Εͨ͘ͳ͍DBs Design ͷதͰAI͕༡Ϳͷ ڐ༰͢Δ(͜ͱʹͳΔ) Design Coding
8 OWASP Top 10͞ΜͬͯΈΔ OWASP Top 10 for LLM 2024
→ 2025Ͱ͔ͳΓมΘͬͨ - Prompt injectionͷົԽͱͦͷରࡦ - LibraryΛૂ͏ख๏͕ڧԽ - system prompt࿙Ӯ͢Δલఏͷೝࣝ - ϓϩόΠμͷنมߋ͏ LLMͷਫ਼(৴པ)্͕͕Δ -> Ͱ͖Δݖݶͱ߈ܸγφϦΦ͕૿͑Δ OWASPࢼߦࡨޡதͬΆ͍ - ؔ࿈WG͕ͨ͘͞Μൃੜத https://genai.owasp.org/ - OWASP Global Slack https://join.slack.com/t/owasp/signup dev team͚ʹཧͨ͠͠Ϧετ Testing
9 Prompt InjectorΛ࡞ͬͯΈΔ PromptsΛಡΈࠐ·ͤͯͨͩྲྀ͠ࠐΉscanͰcheck͍ͨ͠ (ձͣͬͱ͚ͭͮΔͷπϥ͍/Կࢼ͔ͨ͠Εͯ͠·͏…) ↓ BurpͳΒExtension͕͋Δͣ… AI Prompt Fuzzer͑Δ͔ͳ
↓ PayloadsҰ੪ʹૹΔλΠϓͰձ༻Ͱͳ͔ͬͨ ↓ →Extensionͷextension͕͍࣌͢͠ʹͳͬͨ #PoCʹཹΊΑ͏ɺcontributionߟ͑Α͏ -༧ΊಡΈࠐΜͩpromptsΛPLACEHOLDERʹ͍ Εͯॱ൪ʹ͍͛ͯ͘ - AI͔Βͷฦstatus֬ೝ͕݅Εɺ֬ೝޙʹ ࣍ͷpromptΛPOSTͰ͖Δ ✨ (վ) Testing
Prompt InjectorΛ࡞ͬͯΈ͕ͨ… 10 Context is everything… - publicʹ͋Δpromptsmodelͷ߈ܸ͕ϝΠϯ - ੍Λແࢹͯ͠Έ͍ͨͳϕλͳpromptͰ
Bedrockͼ͘ͱ͠ͳ͍ɺͱ͍͏͔ͦ͜Λ ૂͬͯςετͷޮՌ͍ - Tool useͰͷγφϦΦͱσʔλͱͷݟൺ͕ඞ ཁ LLMsʹΑΔpromptఏҊ - Code baseಡ·ͤͨAIʹpromptΛߟ͑ͤ͞Δͱ ࡉ͔͍ࢦࣔग़ͯ͘͠Δ(ಛఆͷvalidationΛࢦఆ͠ ͯແޮԽ͠Ζͱ͔) - େྔσʔλੜͱ͔ϩάશআͱ͔᪳ͷͳ͍ ࢦࣔΛఏҊͯ͘͠Δ
11 ·ͱΊ: LLM-powered AppͷSecure SDLCͷݱ࣮ Design - σβΠϯϨϏϡʔޮՌେ (ಛʹॳճ) -
AmazonͷͷAmazonʹ(कͬͯΒ͏) - Ͳ͜ͰLLMʹૹΔͷ͔(Chat͚ͩͱݶΒͳ͍) - DoS͕͔ͳΓݱ࣮తͳϦεΫ - ๏ϨϏϡʔେࣄ (LLMͷૹ৴ͱن) - Trial & error͔͠ͳͦ͞͏ - LLMʹLLMΛ߈ܸ͢ΔpromptΛߟ͑ͤ͞Δ (֤ࣾϝϞϦҭͯதͩͱࢥ͏ͷͰͦͷagentͳΒ ώτΑΓࡓ͑ͨprompt͕ग़ͤΔͱظ) Top 10ղઆdocΛ࡞͠ ઃܭ&࣮ஈ֊ͰͲΜͳ߈ܸ͕ དྷΔ͔Πϝʔδͯ͠Β͏ Monitoring - қɾߴ (ಛʹinlineͰͷblock) - ࢦࣔͷ“ҙຯ”͕ΘΕLLM͕উखʹͯ͠ actionͯ͠͠·͏ - taggingLLM Observability Tools͕ॏཁͦ͏ Coding Testing
marktshr
lynnandtonic
emna__ayadi
tomoyanonymous
skipperchong
axbom
katiecoart
techseoconnect
katarinadahlin
gurzu
orderedlist
andyhume
soudai
