Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
masahiro_nishimi
5
450
AIと一緒にレガシーに向き合ってみた
nyafunta9858
0
230
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
kekekenta
0
210
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
tasshi
0
200
AI によるインシデント初動調査の自動化を行う AI インシデントコマンダーを作った話
azukiazusa1
1
730
MUSUBIXとは
nahisaho
0
130
Implementation Patterns
denyspoltorak
0
290
Package Management Learnings from Homebrew
mikemcquaid
0
220
なるべく楽してバックエンドに型をつけたい!(楽とは言ってない)
hibiki_cube
0
140
CSC307 Lecture 05
javiergs
PRO
0
500
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
tsukamoto1783
0
190
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
2.3k
Featured
See All Featured
Color Theory Basics | Prateek | Gurzu
gurzu
0
200
Practical Orchestrator
shlominoach
191
11k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.4k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
120
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
640
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
710
Marketing to machines
jonoalderson
1
4.6k
Darren the Foodie - Storyboard
khoart
PRO
2
2.4k
Evolving SEO for Evolving Search Engines
ryanjones
0
120
The Invisible Side of Design
smashingmag
302
51k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.6k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
masahiro_nishimi
nyafunta9858
kekekenta
tasshi
azukiazusa1
nahisaho
denyspoltorak
mikemcquaid
hibiki_cube
javiergs
tsukamoto1783
izumin5210
gurzu
shlominoach
inesmontani
samanthasiow
sarafernandez
nmsamuel
joshbly
jonoalderson
khoart
ryanjones
smashingmag
addyosmani
