PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
740

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
630
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
310
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.3k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
780
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
600
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
380
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
480
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
2
1.8k

Other Decks in Programming

See All in Programming
88ad4f75d7c84fcf560bb6205c52e8c1?s=48 dnskimo
1
140
81bf9a5ec95c07c4884b334456025095?s=48 coodoo
1
1.1k
Fa5fd3405808cc6a9fe4b126b1ec39bd?s=48 gianarb
0
460
9e840766611f942c7c0a9ad6987a5d78?s=48 kishida
2
2.2k
1102d6e3810fcc652a8b2887d1642ade?s=48 47degacademy
0
200
1fe64ebb176498be5f73ab51986c6b7b?s=48 davidfowl
9
3k
66988ef2ff1307f07c7c8d829a6dc4fa?s=48 rosariopfernandes
2
120
404139d782ec666acea93dffc86e089f?s=48 sylph01
1
910
Fc59401781a26b10f5d4fc5b758fb3b7?s=48 andrewradev
0
160
D906ed8942d09821cbead00b19c6dabe?s=48 albertodebortoli
0
300
Bc87ea9c7a0f85b8761b716a677c6694?s=48 adammc331
0
160
53de6e9d0d7bedce85c7b29256448274?s=48 forrep
12
3.1k

Featured

See All Featured
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
11
3.9k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
339
26k
24fc194843a71f10949be18d5a692682?s=48 gr2m
82
11k
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
14
950
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
205
6.7k
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
197
9.5k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
144
6.5k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
82
4.6k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
87
3.2k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
266
16k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
193
15k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12