PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes (Friday, November 9, 12)

PHP Security Notes - agenda:
Code Readability
PHP Settings
SQL Injection
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)

Code Readability
PHP Settings
Always: register_globals = Off
allow_url_include, allow_url_fopen
error_reporting, display_errors, log_errors
SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = not enough!
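To make the slide's point concrete, here is an added example of my own (not code from the talk): the slide's query pattern in its injectable form, then with addslashes (which does not help here), then hardened with the typecasting and filter_var + PDO approaches the slide lists. The table name "tablo", the in-memory SQLite database and the hostile input are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not from the slides: the query pattern on the slide,
// SELECT * FROM tablo WHERE id = $id, in its injectable form and in the
// hardened forms the slide lists (typecasting, filter_var, PDO). The
// table name "tablo" and the in-memory SQLite database are assumptions
// so the script runs stand-alone; the input below is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'ali'), (2, 'veli')");

// Constructed hostile input: a tautology appended to a numeric id.
$girdi = '1 OR 1=1';

// Vulnerable: user data interpolated into the SQL text, so the
// tautology widens the WHERE clause from one row to the whole table.
function zayifSorgu(PDO $pdo, string $id): array {
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// Why "addslashes = not enough": the payload contains no quote, so
// addslashes() returns it unchanged and the query stays injectable.
function addslashesSorgu(PDO $pdo, string $id): array {
    $id = addslashes($id);
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// Typecasting: (int) keeps only the leading digits, so the interpolated
// value can never be anything but an integer literal.
function castSorgu(PDO $pdo, string $id): array {
    $id = (int) $id;
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// filter_var + PDO prepared statement: non-integers are rejected outright
// and the value travels separately from the SQL, so it cannot alter it.
function hazirSorgu(PDO $pdo, string $id): array {
    $temiz = filter_var($id, FILTER_VALIDATE_INT);
    if ($temiz === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->execute([':id' => $temiz]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (['zayifSorgu', 'addslashesSorgu', 'castSorgu', 'hazirSorgu'] as $f) {
    printf("%-16s %d row(s)\n", $f, count($f($pdo, $girdi)));
}
```

Running it with the SQLite PDO driver installed shows the row count per variant, which is the quickest way to see that only the last two approaches keep the lookup to a single id.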
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags
Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based verification keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
Questions?

PHP and Web Security flashcards!

Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter @hdogan