Pro Yearly is on sale from $80 to $50! »

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
740

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
680
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
310
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.4k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
780
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
600
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
390
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
480
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
2
1.8k

Other Decks in Programming

See All in Programming
4578d99b560b2a470e05288ef6766ac2?s=48 paulk
0
670
9a22d09f92d50fa3d2a16766d0ba52f8?s=48 fabpot
0
750
2c9e59cb4bc0651504210cee88fc8b8a?s=48 zukakosan
0
480
7d1521d950d9bc5697868830cb04ff2f?s=48 yimajo
0
110
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
2
280
85977ebfe59c2ee669f2196930f1a701?s=48 mehowte
0
150
Cfd5ecaceb5f1479df1f836b4b98f77e?s=48 riscurred
0
230
15217910de00471b472fecae440c6daf?s=48 ditn
2
510
563172ec6315e116ca0e10dc71d30f42?s=48 taumu
0
110
911650d8fcd455d179e45b4bf6cb7219?s=48 masaykisano
0
240
D8f039b7c0bdfdc1f28dd9f4db81b1be?s=48 ryunosukeheaven
4
330
1405a601755e5fcbfdc93a2560368bb1?s=48 freddi
0
230

Featured

See All Featured
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
295
27k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
12
4k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
216
16k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
11
680
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
295
39k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
296
39k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
107
11k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
72
7.4k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
54
1.9k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
341
26k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
358
62k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12