Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
810

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
230
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
960
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
330
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
800
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
630
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
75f5fb3ddda052e46f1daed314ae69ab?s=48 beberlei
0
120
Faafc04d9e69b73b9f49995fd4c94d4d?s=48 whatyouhide
0
240
575ca492bac55e895d0e1c86f7d709fe?s=48 hschwentner
1
540
B8e501d93b98a553abf0b5cee0c33503?s=48 yasaichi
35
12k
E1b600a54e2e4c1fe276cfe71a4fb02a?s=48 currylike37
0
530
D76231a2114896dfcc7b79ac69558b79?s=48 yosuke_furukawa
PRO
35
9.8k
27c093d0834208f4712faaaec38c2c5c?s=48 ramalho
3
510
023b04c98f39cc041293d780352432ff?s=48 koic
8
1.3k
3925ee6eaa41031bac799de0f4f528ec?s=48 to4iki
1
520
0620564f0125b8b3b7f4fe40c10b8b4e?s=48 tattn
2
210
9b753d898d93aae8bd163db5c420a1ae?s=48 s6323859
2
780
4fd283672253efa184ec8f63fb1a8d02?s=48 hexarf
2
230

Featured

See All Featured
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
122
8.2k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.6k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
105
11k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
778
200k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
162
6.8k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
20
1k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
224
15k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
1k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
73
7.7k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
19k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12