Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
780

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
200
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
840
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
330
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
800
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
630
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
8e844e43f029ec38e206a464cf4587b3?s=48 ttskch
1
610
D83b3739651001461f48763639b90b50?s=48 mazipan
0
160
Fd8ec708dd64775183ba0ad57a5efb28?s=48 yuta25
1
200
6dd0483f1353a4a359e92633cfd65c64?s=48 wasabeef
1
480
A45681c58220b58ca83a926b1be52e65?s=48 moriatsushi
1
440
4d4d0d12c802b5ada024d4016b827125?s=48 kozo002
11
14k
E6311847f4fe11546a24eec9e7a403a5?s=48 startjapan
4
500
1d5ca7d8f17f15de4272e1ec7ef7abac?s=48 watilde
0
860
8ad6e0021df0a67faac106fafd918365?s=48 felixcoutinho
2
130
De266761b955b2636e454a1bc7a99ed4?s=48 masayaaoyama
1
570
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
220
F1cc70c45ba7c0ef2af982701e71fdd5?s=48 jamesmoriarty
0
110

Featured

See All Featured
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
273
32k
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
95
5.6k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
Ba530e786553390f3fb271848485681c?s=48 3n
163
22k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
344
27k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
93
3.2k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
221
15k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
233
18k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
347
20k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
312
18k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
40
2.4k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
260
24k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12