PHP Security Notes
Hidayet Doğan
November 07, 2012
XVII. Internet Conference in Turkey - Anadolu University, Eskişehir
Transcript
PHP Security Notes (Friday, November 9, 12)

PHP Security Notes: Code Readability, PHP Settings, SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
Always: register_globals = Off
allow_url_include, allow_url_fopen
error_reporting, display_errors, log_errors

SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough!
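The query on this slide, shown in its injectable form next to a hardened version that follows the slide's own advice (filter_var, integer typecasting, PDO). This is an added example, not code from the deck; the table layout, the in-memory SQLite fixture and the function names are assumptions.

```php
<?php
// Added example (not from the deck). Assumed: a table "tablo" with columns
// id and ad, created below in an in-memory SQLite database so it runs offline.

// Vulnerable form from the slide: $id is interpolated straight into the SQL text.
// Note that addslashes() would not help here: the value is not inside quotes,
// so there is nothing for the added backslashes to neutralise.
function fetchRowsUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the input as an integer (the slide's filter_var /
// (integer) advice) and bind it as a parameter, so whatever the client sends
// is treated as data, never parsed as part of the query.
function fetchRowSafe(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject outright instead of trying to "escape" a non-integer
    }
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed fixture: two rows in an in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'ali'), (2, 'ayse')");

// In a real request the id would come from filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT).
var_dump(fetchRowSafe($pdo, '2'));                 // array with id 2, ad 'ayse'
var_dump(fetchRowSafe($pdo, '1 OR 1=1'));          // NULL: rejected by validation
var_dump(count(fetchRowsUnsafe($pdo, '1 OR 1=1'))); // int(2): the unsafe query returns every row
```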
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based verification keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter @hdogan