Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
760

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
180
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
820
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
320
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.5k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
790
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
620
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
667fbca1f58bc0215c744b5ae8f8e5d2?s=48 manuelrauber
0
160
74b66d72163c42c8d157f325e3ebb45e?s=48 gamine
0
190
4b071f90c5d9c0a58e2d9076460b7be4?s=48 ne_sachirou
0
560
Bbb17eeeecd3d9d06f4db310ab630a12?s=48 borkdude
1
220
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
250
67de06c6cee3ece0f56494e91e48117e?s=48 tkitsunai
6
2.7k
De266761b955b2636e454a1bc7a99ed4?s=48 masayaaoyama
2
370
56047a7b11797f42c2e7030d771fe803?s=48 oleur
2
110
8284465a94bbdf1ea82cf1a67d55f447?s=48 kilometer
2
360
E3c2bac7a4a04823dda122cf243edd01?s=48 claudioed
1
300
3f97ef294ccbc5e3f16b7594e06fd1f3?s=48 sryoya
2
120
B31f9495679ee5513a2f9904767336af?s=48 kidokidofire
1
180

Featured

See All Featured
78b475797a14c84799063c7cd073962f?s=48 holman
448
140k
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
PRO
331
36k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
262
11k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
11
750
A9704266587836f7e784235e5073b93e?s=48 jmmastey
12
760
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
302
32k
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
8
610
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
631
48k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
193
8.7k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
24
1.3k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
446
36k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12