PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
Programming
XVII. Türkiye'de İnternet Konferansı (17th Internet in Turkey Conference) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes. Friday, November 9, 12

PHP Security Notes: Code Readability; PHP Settings; SQL Injection; Cross-site Scripting (XSS); Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings. Always: register_globals = Off; allow_url_include, allow_url_fopen; error_reporting, display_errors, log_errors

SQL Injection: SELECT * FROM tablo WHERE id = $id. register_globals = Off; mysql_real_escape_string, pg_escape_string, PDO; filter_input, filter_var; Typecasting: (integer) (boolean) (double) (float); addslashes = Not enough!
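The slide's query built three ways, as an added example that is not part of the deck: addslashes (which the slide marks as not enough), the typecast the slide recommends, and filter_var with a PDO prepared statement. The table name tablo is the slide's; the ad column, the rows and the input value are constructed here, and the in-memory SQLite database needs the pdo_sqlite extension.

```php
<?php
// Added example (not from the deck): "SELECT * FROM tablo WHERE id = $id" built three
// ways and run against a constructed in-memory SQLite table (requires pdo_sqlite).
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)'); // 'ad' column is assumed
$db->exec("INSERT INTO tablo (id, ad) VALUES (1, 'ali'), (2, 'veli')");

// 1. addslashes, which the slide marks "not enough": it only escapes ' " \ and NUL,
//    so in an unquoted numeric context the input reaches the SQL text unchanged.
function kayitGetirAddslashes(PDO $db, string $id): array
{
    $id = addslashes($id);
    return $db->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Typecasting, as the slide recommends for numeric parameters: (int) keeps only the
//    leading digits, so whatever follows them can never become part of the SQL.
function kayitGetirTypecast(PDO $db, string $id): array
{
    $id = (int) $id;
    return $db->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// 3. filter_var + PDO prepared statement: input that is not an integer is rejected
//    outright, and a valid value is bound as a parameter instead of spliced into the query.
function kayitGetirPdo(PDO $db, string $id): array
{
    $temiz = filter_var($id, FILTER_VALIDATE_INT);
    if ($temiz === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->execute([':id' => $temiz]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: something other than a plain integer id, as could arrive in $_GET['id'].
// The addslashes variant lets it rewrite the WHERE clause; the typecast variant reduces it
// to the leading 1; the filter_var + PDO variant rejects it.
$girdi = '1 OR 1=1';
printf("addslashes: %d rows\n", count(kayitGetirAddslashes($db, $girdi)));
printf("typecast:   %d rows\n", count(kayitGetirTypecast($db, $girdi)));
printf("pdo:        %d rows\n", count(kayitGetirPdo($db, $girdi)));
```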
Cross-site Scripting (XSS): include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off; allow_url_include = Off; basename, realpath, preg_match; htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF): <img src="http://adres.com/gonder.php?yorum=Örnek">; Session-based verification keys (tokens); $_SERVER['HTTP_REFERER'] check; Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thank you! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan