Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
800

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
210
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
880
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
330
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
800
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
630
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
99b434b001cd93fe73322f764d73372c?s=48 tttamaki
0
1k
C3a47a823a1e7adcb5be27cc3df5c482?s=48 akiyoko
3
990
99b434b001cd93fe73322f764d73372c?s=48 tttamaki
0
970
Aa5b922fefbf18bea89972521971dfea?s=48 yoshikiiida
20
8k
654bfd58e2b78f573bd9b40a60cb0b44?s=48 ironwest
0
230
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
3
420
4c76f001e0a3d59cc5a269df70940dfd?s=48 lmcinnes
0
230
A0f8acd52ed0bac0c4d87220ef0aa383?s=48 shotarok
0
590
7437b838338581b08ca72340b05475b9?s=48 abt
1
290
Dc8d7b0277a1646d6842105241e8bef5?s=48 peacock0803sz
0
270
3499a1d71fa70b8ee44816ca9e7329fe?s=48 bells17
1
460
5c588fdfe782f92fa6b081903edd82bb?s=48 hr01
0
3.4k

Featured

See All Featured
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
35
1.6k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
687
180k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
269
17k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
129
20k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
92
4.1k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
239
23k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
24
870
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
61
6.6k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
83
3.6k
24fc194843a71f10949be18d5a692682?s=48 gr2m
85
11k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12