Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Amazon inspector で自動セキュリティ診断 / Automatic secur...
Search
Ryo Shibayama
November 20, 2016
Technology
0
77
Amazon inspector で自動セキュリティ診断 / Automatic security diagnostics with Amazon inspector
Ryo Shibayama
November 20, 2016
Tweet
Share
More Decks by Ryo Shibayama
See All by Ryo Shibayama
技術広報の集い #3 Lightning Talk - LayerX
serima
0
420
採用は全員で | Chuo TECH #1
serima
4
1.5k
高専 5 年時に 7 泊 8 日の合宿型ビジコンに参加したら人生が変わった
serima
0
430
カジュアル面談を通して “自社”のことを知る
serima
0
270
倒れても進捗 / Progress even if I fall
serima
1
850
CircleCI 導入への入門 / Introduction to CircleCI
serima
0
130
GameWithを支えるインフラ基盤 - スケールイン・アウト戦略編 / GameWith infrastructure - Scale in and out strategy
serima
0
91
エンジニア採用と PHP / Engineer Recruitment and PHP
serima
0
110
できることから始める OSS Contribution / Start OSS Contribution With What You Know
serima
1
250
Other Decks in Technology
See All in Technology
AI時代のSaaSとETL
shoe116
1
140
OSC仙台プレ勉強会 AlmaLinuxとは
koedoyoshida
0
150
組織全体で実現する標準監視設計
yuobayashi
3
490
JAWS Days 2026 楽しく学ぼう! 認証認可 入門/20260307-jaws-days-novice-lane-auth
opelab
11
2.1k
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.2k
モブプログラミング再入門 ー 基本から見直す、AI時代のチーム開発の選択肢 ー / A Re-introduction of Mob Programming
takaking22
5
1.4k
わからなくて良いなら、わからなきゃだめなの?
kotaoue
1
330
楽しく学ぼう!ネットワーク入門
shotashiratori
4
3.2k
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/12 - 2026/2
oracle4engineer
PRO
0
110
AI実装による「レビューボトルネック」を解消する仕様駆動開発(SDD)/ ai-sdd-review-bottleneck
rakus_dev
0
120
OCHaCafe S11 #2 コンテナ時代の次の一手:Wasm 最前線
oracle4engineer
PRO
2
120
JAWS DAYS 2026 ExaWizards_20260307
exawizards
0
420
Featured
See All Featured
The browser strikes back
jonoalderson
0
790
WENDY [Excerpt]
tessaabrams
9
36k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
240
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.6k
Docker and Python
trallard
47
3.8k
Raft: Consensus for Rubyists
vanstee
141
7.4k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
86
Reality Check: Gamification 10 Years Later
codingconduct
0
2k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
140
How to Ace a Technical Interview
jacobian
281
24k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
280
Transcript
Amazon Inspector Ͱ ࣗಈηΩϡϦςΟஅ גࣜձࣾβούϥε @serima / ࣲࢁ ྮ
ࣗݾհ • ىۀˠ·͙·͙ˠάϦʔˠβούϥε • βούϥεೖࣾ 1 ܦͬͨ • αʔόαΠυΤϯδχΞ •
Πϯϑϥ͍ͬͯ·͢
Rint
AWS ͬͯ·͢ • βούϥεͰɺҰ෦αʔϏεͰ AWS Λར༻ • EC2/ELB/Route 53/S3/RDS/ElastiCache
• ελϯμʔυͳߏ
੬ऑੑ ಡΊͳ͍
੬ऑੑ • γεςϜͷ҆શ্ͷܽؕ • ηΩϡϦςΟϗʔϧ • ์͓ͬͯ͘ͱɺ͜ΕΛಥ͔ΕͯඃΛड͚Δ Մೳੑ͕͋Δ
ຖिͷΑ͏ʹݟ͔ͭΔ੬ऑੑ
ใݯ • JPCERT • IPA • Wordpress ެࣜαΠτ • PHP
ެࣜαΠτ • ଞʹ͍Ζ͍Ζ…
None
CVE • Common Vulnerabilities and Exposures • ڞ௨੬ऑੑࣝผࢠ • ถࠃͷMITRE͕ࣾఏڙ͍ͯ͠Δ੬ऑੑใ
σʔλϕʔε • CVE-ID ҰҙʹৼΒΕɺੈքڞ௨
ηΩϡϦςΟνΣοΫɺ ͯ͠·͔͢ʁ
Amazon Inspector • 20165݄ʹҰൠར༻։࢝ • EC2 Πϯελϯεͷ੬ऑੑΛݕͯ͘͠ΕΔ αʔϏε
None
None
ԿͷνΣοΫ͕Ͱ͖Δͷ͔ • Common Vulnerabilities and Exposures • CIS Operating System
Security Configuration Benchmarks • Security Best Practices • Runtime Behavior Analysis
खॱ • Inspector ༻ͷϩʔϧΛ࡞͢Δ • ରͱ͢Δ EC2 ΠϯελϯεʹλάΛઃఆ • σʔϞϯΛΠϯετʔϧ
• ධՁςϯϓϨʔτͷ࡞ • Ͳͷλά͕͍ͭͨΠϯελϯεʹ͍࣮ͭͯߦ͢Δͷ͔ • ԿͷηΩϡϦςΟνΣοΫΛߦ͏ͷ͔ • ࣮ߦ
None
$ curl -O https:// d1wk0tztpsntt1.cloudfront. net/linux/latest/install $ sudo bash install
None
ࢼݧ༻ʹ OpenSSL ͷ όʔδϣϯ͕গ͠ݹ͍ ΠϯελϯεΛ༻ҙ
None
݁Ռ
ͦΕͧΕʹ͍ͭͯৄࡉઆ໌ͱରॲ๏͕ࢀরͰ͖Δ
Ϧϕϯδ ͱΓ͋͑ͣॏཁ High ͷͷͳ͘ͳͬͨ
֦͕Γͱͯ͠ • Amazon SNS ରԠ͍ͯ͠ΔͷͰɺྃ࣌ʹ Slack ͳͲʹ௨ • ͪΖΜ SDK
ެ։͞Ε͍ͯΔͷͰɺఆظత ʹࣗಈ࣮ߦͤ͞Δ͜ͱՄೳ ʢࠓͷͱ͜Ζίϯιʔϧ͔ΒͰ͖Δػೳͳ ͛͞ʣ
҆৺ɾ҆શͳ։ൃΛ • ͱ͍͑ɺ͜Ε͚ͩͰෆे • ੬ऑੑʹରͯ͠ɺҰఆͷอݥΛ͔͚Δ • χϡʔεΛνΣοΫͯ͠ɺదͳରԠΛʂ
serima
shoe116
koedoyoshida
yuobayashi
opelab
oracle4engineer
takaking22
kotaoue
shotashiratori
rakus_dev
exawizards
jonoalderson
tessaabrams
szymonslowik
chriscoyier
zakiyama
trallard
vanstee
davidcarrasco
codingconduct
katarinadahlin
jacobian
greggifford
