Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
780
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
420
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
880
PHP 101
hdogan
1
740
Web Uygulamalarında Güvenlik
hdogan
1
500
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
新メンバーも今日から大活躍!SREが支えるスケールし続ける組織のオンボーディング
honmarkhunt
5
9.3k
Android 16KBページサイズ対応をはじめからていねいに
mine2424
0
640
知って得する@cloudflare_vite-pluginのあれこれ
chimame
1
120
Claude Code + Container Use と Cursor で作る ローカル並列開発環境のススメ / ccc local dev
kaelaela
12
7.4k
Streamlitで実現できるようになったこと、実現してくれたこと
ayumu_yamaguchi
2
210
Claude Code派?Gemini CLI派? みんなで比較LT会!_20250716
junholee
1
690
CDK引数設計道場100本ノック
badmintoncryer
2
560
TypeScriptでDXを上げろ! Hono編
yusukebe
3
860
マッチングアプリにおけるフリックUIで苦労したこと
yuheiito
0
240
脱Riverpod?fqueryで考える、TanStack Queryライクなアーキテクチャの可能性
ostk0069
0
560
Startups on Rails in Past, Present and Future–Irina Nazarova, RailsConf 2025
irinanazarova
0
290
The Modern View Layer Rails Deserves: A Vision For 2025 And Beyond @ RailsConf 2025, Philadelphia, PA
marcoroth
2
780
Featured
See All Featured
Thoughts on Productivity
jonyablonski
69
4.7k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
5.9k
Speed Design
sergeychernyshev
32
1k
Code Reviewing Like a Champion
maltzj
524
40k
Designing for humans not robots
tammielis
253
25k
Code Review Best Practice
trishagee
69
19k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
A Modern Web Designer's Workflow
chriscoyier
695
190k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12