Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
Introducing RemoteCompose: break your UI out of the app sandbox.
camaelon
2
540
Tangible Code
chobishiba
3
520
乱雑なコードの整理から学ぶ設計の初歩
masuda220
PRO
11
2.6k
SidekiqでAIに商品説明を生成させてみた
akinko_0915
0
130
チーム開発の “地ならし"
konifar
3
1.4k
なんでRustの環境構築してないのにRust製のツールが動くの? / Why Do Rust-Based Tools Run Without a Rust Environment?
ssssota
15
48k
ドメイン駆動設計のエッセンス
masuda220
PRO
15
7.7k
Vueのバリデーション、結局どれを選べばいい? ― 自作バリデーションの限界と、脱却までの道のり ― / Which Vue Validation Library Should We Really Use? The Limits of Self-Made Validation and How I Finally Moved On
neginasu
3
1.8k
Amazon Bedrock Knowledge Bases Hands-on
konny0311
0
140
AIのバカさ加減に怒る前にやっておくこと
blueeventhorizon
0
160
Swift Concurrency 年表クイズ
omochi
3
220
Phronetic Team with AI - Agile Japan 2025 closing
hiranabe
0
230
Featured
See All Featured
Visualization
eitanlees
150
16k
Building Applications with DynamoDB
mza
96
6.7k
KATA
mclloyd
PRO
32
15k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
192
56k
Faster Mobile Websites
deanohume
310
31k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.7k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8k
Site-Speed That Sticks
csswizardry
13
960
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Stop Working from a Prison Cell
hatefulcrawdad
272
21k
Raft: Consensus for Rubyists
vanstee
140
7.2k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
camaelon
chobishiba
masuda220
akinko_0915
konifar
ssssota
neginasu
konny0311
blueeventhorizon
omochi
hiranabe
eitanlees
mza
mclloyd
soudai
deanohume
reverentgeek
wjessup
dougneiner
csswizardry
eileencodes
hatefulcrawdad
vanstee
