PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
740

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
620
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
310
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.2k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
780
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
600
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
380
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
480
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
2
1.8k

Other Decks in Programming

See All in Programming
D36d6bab8f1e0ff4bb3377571e5f7dcd?s=48 yutailang0119
5
180
3e049ed33195d00a8b745b16c63dce6e?s=48 leew
0
140
6d64a4d4ab6201f2ce57e3befc687785?s=48 yoshi0202
0
130
C44d9ff0fb47045ae04e3183694c7d68?s=48 wafuwafu13
0
290
2661b52b92e28d73635638a17c96f4af?s=48 toversus
1
330
8284465a94bbdf1ea82cf1a67d55f447?s=48 kilometer
1
120
473b12ebcfb79adfaef97796e94fc25c?s=48 hironytic
4
460
9e64d2069945742c818421e884603b44?s=48 ushisantoasobu
3
130
Db8efd836c9a09b71e3d8e1c60d6ea84?s=48 colinfay
0
330
6afbe110d33ef7e859fb8649b86bae55?s=48 mashabow
0
580
249b3122eee454c0a818bfe7851418e4?s=48 fromkk
7
450
9bf923e39671cde83584e3e926296c13?s=48 kishikawakatsumi
8
970

Featured

See All Featured
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
4
490
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
7
420
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
356
62k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
340
26k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
9.9k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
144
19k
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
10
1.2k
245cee81a9c424266e5e401d844ea881?s=48 lara
13
2.3k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
499
36k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
10
3.8k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
5
500
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
70
7k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12