PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
Programming
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu University, Eskişehir
Transcript
PHP Security Notes Friday, November 9, 12

PHP Security Notes
Code Readability
PHP Settings
SQL Injection
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
Always: register_globals = Off
allow_url_include, allow_url_fopen
error_reporting, display_errors, log_errors

SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough!
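The SQL injection slide contrasts string interpolation with validation (filter_var, typecasting) and PDO. The following is an added example, not code from the deck, that shows the slide's vulnerable query beside a hardened form; the table `tablo` and column `id` come from the slide, while the column `ad`, the DSN and the credentials are assumed placeholders.

```php
<?php
// Added example (not from the deck). Assumes a table `tablo` with an integer
// primary key `id` and a string column `ad`; DSN and credentials are placeholders.

// VULNERABLE: the slide's pattern. $id is pasted into the SQL text, so a value
// such as "1 OR 1=1" changes the WHERE clause itself. addslashes() does not help
// here because no quotes surround the value.
function findVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT * FROM tablo WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the type first (filter_var / typecasting from the slide),
// then bind the value with a prepared statement instead of building SQL text.
function findById(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// String columns: binding is still the answer. Escaping functions such as
// mysql_real_escape_string only cover values that sit inside quotes.
function findByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT * FROM tablo WHERE ad = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('mysql:host=localhost;dbname=ornek', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT) is the slide's one-call
// form of the same validation; here it happens inside findById().
var_dump(findById($db, $_GET['id'] ?? ''));
```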
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based verification keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thank you!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter @hdogan