Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
React Native New Architecture 移行実践報告
taminif
1
130
分散DBって何者なんだ... Spannerから学ぶRDBとの違い
iwashi623
0
170
非同期処理の迷宮を抜ける: 初学者がつまづく構造的な原因
pd1xx
1
600
AI時代もSEOを頑張っている話
shirahama_x
0
230
手軽に積ん読を増やすには?/読みたい本と付き合うには?
o0h
PRO
1
150
令和最新版Android Studioで化石デバイス向けアプリを作る
arkw
0
230
無秩序からの脱却 / Emergence from chaos
nrslib
2
12k
目的で駆動する、AI時代のアーキテクチャ設計 / purpose-driven-architecture
minodriven
11
3.9k
AIコーディングエージェント(Manus)
kondai24
0
130
How Software Deployment tools have changed in the past 20 years
geshan
0
28k
宅宅自以為的浪漫:跟 AI 一起為自己辦的研討會寫一個售票系統
eddie
0
480
NUMA環境とコンテナランタイム ― youki における Linux Memory Policy 実装
n4mlz
1
110
Featured
See All Featured
The Language of Interfaces
destraynor
162
25k
Statistics for Hackers
jakevdp
799
230k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
69k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
9
1k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
380
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Visualization
eitanlees
150
16k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
31
2.7k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.5k
Documentation Writing (for coders)
carmenintech
76
5.2k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
taminif
iwashi623
pd1xx
shirahama_x
o0h
arkw
nrslib
minodriven
kondai24
geshan
eddie
n4mlz
destraynor
jakevdp
soudai
marcduiker
addyosmani
tammyeverts
erikaheidi
eitanlees
stephaniewalter
bluesmoon
jcasabona
carmenintech
