Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
780
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
420
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
880
PHP 101
hdogan
1
740
Web Uygulamalarında Güvenlik
hdogan
1
500
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
Modern Angular with Signals and Signal Store:New Rules for Your Architecture @enterJS Advanced Angular Day 2025
manfredsteyer
PRO
0
150
Blazing Fast UI Development with Compose Hot Reload (droidcon New York 2025)
zsmb
1
260
ReadMoreTextView
fornewid
1
490
なぜ適用するか、移行して理解するClean Architecture 〜構造を超えて設計を継承する〜 / Why Apply, Migrate and Understand Clean Architecture - Inherit Design Beyond Structure
seike460
PRO
1
710
Is Xcode slowly dying out in 2025?
uetyo
1
230
#kanrk08 / 公開版 PicoRubyとマイコンでの自作トレーニング計測装置を用いたワークアウトの理想と現実
bash0c7
1
640
GitHub Copilot and GitHub Codespaces Hands-on
ymd65536
1
130
Google Agent Development Kit でLINE Botを作ってみた
ymd65536
2
210
エンジニア向け採用ピッチ資料
inusan
0
170
童醫院敏捷轉型的實踐經驗
cclai999
0
200
Julia という言語について (FP in Julia « SIDE: F ») for 関数型まつり2025
antimon2
3
980
Go1.25からのGOMAXPROCS
kuro_kurorrr
1
820
Featured
See All Featured
Making Projects Easy
brettharned
116
6.3k
Into the Great Unknown - MozCon
thekraken
39
1.9k
How to Ace a Technical Interview
jacobian
277
23k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
Done Done
chrislema
184
16k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
17
950
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12