Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Hidayet Doğan
November 07, 2012
Programming
1.3k
0
Share
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
820
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
910
PHP 101
hdogan
1
770
Web Uygulamalarında Güvenlik
hdogan
1
530
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
580
Other Decks in Programming
See All in Programming
RTSPクライアントを自作してみた話
simotin13
0
410
AI 時代のソフトウェア設計の学び方
masuda220
PRO
29
11k
net-httpのHTTP/2対応について
naruse
0
410
[2026年度第1回ORセミナー] 計画最適化ベンチャーと競技プログラミング人材
terryu16
0
220
inferと仲良くなる10分間
ryokatsuse
1
310
プロパティの順序で型推論が壊れる!? TypeScript6.0の修正からContext-Sensitivityの仕組みを追う
bicstone
2
1.3k
OSもどきOS
arkw
0
370
GitHub Copilot CLIのいいところ
htkym
2
1.2k
新規プロダクトを高速で生み出すハーネスエンジニアリング
seanchas116
19
7.8k
自動レビューエンジンの実装と運用 ~レビューのない世界へ~
kurukuru1999
2
310
JJUG CCC 2026 Spring: JSpecify で実現する Kotlin フレンドリーな Java API 設計
ternbusty
1
120
Oxlintのカスタムルールの現況
syumai
5
930
Featured
See All Featured
HDC tutorial
michielstock
2
680
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
160
Accessibility Awareness
sabderemane
1
130
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
130
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.8k
WENDY [Excerpt]
tessaabrams
11
38k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
220
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
70
39k
Unsuck your backbone
ammeep
672
58k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.9k
Typedesign – Prime Four
hannesfritz
42
3.1k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
310
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
simotin13
masuda220
naruse
terryu16
ryokatsuse
bicstone
arkw
htkym
seanchas116
kurukuru1999
ternbusty
syumai
michielstock
tmiket
sabderemane
marketingsoph
inesmontani
tessaabrams
dugsong
akihiro_kokubo
ammeep
bluesmoon
hannesfritz
skoyamalab
