Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
750

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
170
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
790
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
320
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.5k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
790
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
620
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
5c588fdfe782f92fa6b081903edd82bb?s=48 hr01
0
1.9k
14d83dc17e2c893d7564b609ff8da4ca?s=48 techharmony
0
160
88ad4f75d7c84fcf560bb6205c52e8c1?s=48 dnskimo
7
1.4k
9103dacbfc728d2a583981e7cf854cc4?s=48 fr0gger
2
2.8k
C766fe58109bc3750d333f4835ba43c2?s=48 emberconf
0
130
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
160
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
2
330
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
2
250
5b3338b3676d4f7091a575e584f3a4f4?s=48 coe401_
3
160
Acd2f6f7498ea41881e161e191aa7c02?s=48 yattom
31
11k
Aea43fe34799c7ae03e9793919e39c65?s=48 sisshiki1969
1
240
75baf8a56acce7086013da05fd125af5?s=48 dhmegane
0
220

Featured

See All Featured
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
262
11k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
242
21k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
192
8.9k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
340
16k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
294
39k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
193
8.7k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
34
1.6k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
118
4.9k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
19
2.1k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
38
2.3k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
220
120k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12