Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
PHP Güvenlik Notları
Hidayet Doğan
November 07, 2012
Programming
0
890
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
340
Asenkron PHP
hdogan
0
1.1k
PHP Senfoni Orkestrası: Composer
hdogan
1
350
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
3.8k
CakePHP ile Pasta Pişirmek
hdogan
1
810
PHP 101
hdogan
1
650
Web Uygulamalarında Güvenlik
hdogan
1
410
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
500
Other Decks in Programming
See All in Programming
C言語でメモリ管理を考えた話
hkawai
0
180
Android入門
hn410
0
300
CIでAndroidUIテストの様子を録画してみた
mkeeda
0
130
확장 가능한 테라폼 코드 관리 (Scalable Terraform Code Management)
posquit0
1
310
Modern Web Apps with Spring Boot, Angular & TypeScript
toedter
12
14k
Loom is Blooming
josepaumard
3
510
Git Rebase
bkuhlmann
7
1k
書籍『良いコード/悪いコードで学ぶ設計入門』でエンジニアリングの当たり前を変える
minodriven
3
1k
Monadic Java
mariofusco
4
250
読みやすいコードを書こう
yutorin
0
370
もしも、 上司に鬼退治を命じられたら~プロジェクト計画編~
higuuu
0
260
Keep Your Cache Always Fresh With Debezium
gunnarmorling
0
180
Featured
See All Featured
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
172
8.3k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
100
5.9k
No one is an island. Learnings from fostering a developers community.
thoeni
9
1.1k
The Language of Interfaces
destraynor
148
20k
Typedesign – Prime Four
hannesfritz
33
1.3k
How to train your dragon (web standard)
notwaldorf
57
3.8k
Documentation Writing (for coders)
carmenhchung
48
2.5k
Designing on Purpose - Digital PM Summit 2013
jponch
106
5.6k
Support Driven Design
roundedbygravity
86
8.4k
Side Projects
sachag
449
37k
Music & Morning Musume
bryan
35
4.1k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
15
910
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
hkawai
hn410
mkeeda
posquit0
toedter
josepaumard
bkuhlmann
minodriven
mariofusco
yutorin
higuuu
gunnarmorling
reverentgeek
dotmariusz
thoeni
destraynor
hannesfritz
notwaldorf
carmenhchung
jponch
roundedbygravity
sachag
bryan
marktimemedia
