Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.2k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
760
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
410
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
870
PHP 101
hdogan
1
730
Web Uygulamalarında Güvenlik
hdogan
1
490
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
Learning Kotlin with detekt
inouehi
1
230
Jasprが凄い話
hyshu
0
210
コードジェネレーターで 効率的な開発をする / Efficient development with code generators
linyows
0
110
Rubyと自由とAIと
yotii23
6
2k
The Price of Micro Frontends … and Your Alternatives @bastacon 2025 in Frankfurt
manfredsteyer
PRO
0
320
気がついたら子供が社会人になって 自分と同じモバイルアプリエンジニアになった件 / Parent-Child Engineers
koishi
0
150
AWS Step Functions は CDK で書こう!
konokenj
5
940
kintone開発を効率化するためにチームで試した施策とその結果を大放出!
oguemon
1
410
はじめての Go * WASM * OCR
sgash708
1
140
.NET Frameworkでも汎用ホストが使いたい!
tomokusaba
0
250
PromptyによるAI開発入門
ymd65536
1
190
Ça bouge du côté des animations CSS !
goetter
2
170
Featured
See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
29
8.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
21
2.5k
A better future with KSS
kneath
238
17k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
11
1.3k
Testing 201, or: Great Expectations
jmmastey
42
7.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k
Optimizing for Happiness
mojombo
377
70k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
115
51k
Code Reviewing Like a Champion
maltzj
521
39k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
inouehi
hyshu
linyows
yotii23
manfredsteyer
koishi
konokenj
oguemon
sgash708
tomokusaba
ymd65536
goetter
mraible
sugarenia
eileencodes
kneath
reverentgeek
jmmastey
mojombo
aki_iinuma
maltzj
aleyda
marcelosomers
