Save 37% off PRO during our Black Friday Sale! »

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
840

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
270
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
1k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
340
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.7k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
810
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
640
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
500

Other Decks in Programming

See All in Programming
C6b97a47d5406cfdef50a5c755751c16?s=48 sorami
3
910
62384887995a0ce07ec4f86b89f5ec9e?s=48 aosa4054
0
260
B00d69471ef4903e0353aa5476614b7f?s=48 yongtae723
0
820
265bcbb56e831266de7a9f9281aab57a?s=48 appleboy
2
1.1k
Bcbc80799bc32840662a366768318a9b?s=48 koba789
0
690
7a37d60769f6f3004adee19a8ff2c219?s=48 tunepolo
0
240
Fe05cd1ac317a2b94eedc0f45cacc424?s=48 akiroom
0
840
971ed28afdc89340ebbf2114ed4ef538?s=48 txkxyx
1
150
9a5d3eac40dd7a3a8d5373b22145fa88?s=48 sntree2mi8
0
120
Ddecbf99faa27ea6257856734fa6f9b8?s=48 whitegreen
0
180
7afaad8f870ef79e2c3284a91e13f0b3?s=48 nakabonne
1
260
7fccfb690a818ed2f3a15fc21d426d5a?s=48 texmeijin
0
200

Featured

See All Featured
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
37k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
19k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
44
3.7k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
88
5.4k
78b475797a14c84799063c7cd073962f?s=48 holman
295
140k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
960
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
92
4.3k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.8k
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
149
12k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
19k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
208
38k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
123
8.3k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12