Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
880

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
Swoole ile Asenkron PHP
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
330
Asenkron PHP
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
1.1k
PHP Senfoni Orkestrası: Composer
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
350
PHP ile Soket Programlama ve Ağ Servisleri
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
3.8k
CakePHP ile Pasta Pişirmek
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
810
PHP 101
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
640
Web Uygulamalarında Güvenlik
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
410
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
İnsanlar için PHP
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
500

Other Decks in Programming

See All in Programming
TECHHILLS-CROOZ CTOが考える 企業とOSSとの付き合い方-
7d36fee7c814de0b3a73626c65b54b03?s=48 crooz
0
720
RBS and Rails, Present and Future
7bc6612fa20296bf652f6b0357db81c1?s=48 pocke
0
380
コミットメッセージ規約 「Conventional Commits」を導入してみよう! / Let's use Conventional Commits
De4cef85165e8a063b5e40fe1f24daa4?s=48 cocoeyes02
2
340
Struktur für Ihre großen Angular-Anwendungen: Nx Monorepos, Micro Frontends und Module Federation
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
210
RenovateによるiOSライブラリーの自動更新
7ddcca09c00a2744b983974225447d19?s=48 ikesyo
1
450
Valider dynamiquement de la donnée avec Symfony
Afa7d9b3759a3d0c934966e7f19421fc?s=48 marionleherisson
1
250
30 分でわかる!アルゴリズムの基本
Ba868bdf0f1f87ac2c5b0a6b33119e35?s=48 e869120
18
15k
Laravel OctaneをどうしてもPharで運用したい話
Ec2fcdc4ea7905b289967a2c4c43e154?s=48 sgeengineer
1
150
【日本初導入】AWSをオンプレで使う!?「AWS Outpostsを用いたIoT/MLシステム」
Fe75eb4e3fe968c1cf9f9865e7f56fbd?s=48 suzusuzusuzu
1
110
Tokyo.R #98 Rを学ぶのは難しい
Ea0b0e1760fae9c7599f86c3555e071d?s=48 bob3bob3
2
1.9k
受託開発会社から自社サービス系の会社へ転職して思ったこと
B61b6c1a58337010b298cfab5784c5fc?s=48 iamyukihiro
0
220
PHPerでもできる!マイクロサービス
B793da271a45d149b52f507bca9f137c?s=48 77web
1
390

Featured

See All Featured
Designing the Hi-DPI Web
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
The MySQL Ecosystem @ GitHub 2015
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
238
11k
Documentation Writing (for coders)
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
46
2.4k
What's new in Ruby 2.0
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
336
30k
Fontdeck: Realign not Redesign
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
73
4.1k
Unsuck your backbone
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
659
55k
Six Lessons from altMBA
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
14
1.3k
GitHub's CSS Performance
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1019
410k
A Tale of Four Properties
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
149
20k
A Modern Web Designer's Workflow
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
689
180k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Fd55de4174accaf3b4f030e43a8a70c6?s=48 marcduiker
3
140
Infographics Made Easy
282d599b414022eba5096510f675b6e2?s=48 chrislema
233
17k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12