PHP Security Notes
Hidayet Doğan
November 07, 2012
17th Internet Conference in Turkey (XVII. Türkiye'de İnternet Konferansı) - Anadolu University, Eskişehir
Transcript
PHP Security Notes
Friday, November 9, 12

PHP Security Notes
  Code Readability
  PHP Settings
  SQL Injection
  Cross-site Scripting (XSS)
  Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
  Always: register_globals = Off
  allow_url_include, allow_url_fopen
  error_reporting, display_errors, log_errors

SQL Injection
  SELECT * FROM tablo WHERE id = $id
  register_globals = Off
  mysql_real_escape_string, pg_escape_string, PDO
  filter_input, filter_var
  Typecasting: (integer) (boolean) (double) (float)
  addslashes = Not enough!

Cross-site Scripting (XSS)
  include($dosya);
  echo $kullanicidan_gelen_veri;
  register_globals = Off
  allow_url_include = Off
  basename, realpath, preg_match
  htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
  <img src="http://adres.com/gonder.php?yorum=Örnek">
  Session-based verification tokens
  $_SERVER['HTTP_REFERER'] check
  Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thank you!
  http://php.net/manual/tr/security.php
  http://shiflett.org/php-security.pdf
  http://hi.do
  http://github.com/hdogan
  Twitter @hdogan