Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.2k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
740
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
410
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.2k
CakePHP ile Pasta Pişirmek
hdogan
1
860
PHP 101
hdogan
1
730
Web Uygulamalarında Güvenlik
hdogan
1
480
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
ペアーズでの、Langfuseを中心とした評価ドリブンなリリースサイクルのご紹介
fukubaka0825
1
170
SpringBoot3.4の構造化ログ #kanjava
irof
2
660
混沌とした例外処理とエラー監視に秩序をもたらす
morihirok
18
3.1k
時計仕掛けのCompose
mkeeda
1
110
毎日13時間もかかるバッチ処理をたった3日で60%短縮するためにやったこと
sho_ssk_
1
680
チームの立て直し施策をGoogleの 『効果的なチーム』と見比べてみた
maroon8021
0
210
chibiccをCILに移植した結果 (NGK2025S版)
kekyo
PRO
0
190
Package Traits
ikesyo
2
230
さいきょうのレイヤードアーキテクチャについて考えてみた
yahiru
1
410
PicoRubyと暮らす、シェアハウスハック
ryosk7
0
250
Java Webフレームワークの現状 / java web framework at burikaigi
kishida
7
1.7k
Alba: Why, How and What's So Interesting
okuramasafumi
0
240
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
460
33k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
127
18k
Fireside Chat
paigeccino
34
3.2k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
3k
Bash Introduction
62gerente
610
210k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7.1k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
Learning to Love Humans: Emotional Interface Design
aarron
274
40k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
fukubaka0825
irof
morihirok
mkeeda
sho_ssk_
maroon8021
kekyo
ikesyo
yahiru
ryosk7
kishida
okuramasafumi
lauravandoore
lemiorhan
eileencodes
wjessup
morganepeng
paigeccino
philnash
62gerente
aleyda
kastner
aarron
