PHP Güvenlik Notları (PHP Security Notes)
Hidayet Doğan
November 07, 2012
XVII. Türkiye'de İnternet Konferansı (17th Internet in Turkey Conference) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Güvenlik Notları (PHP Security Notes) Friday, November 9, 12

PHP Güvenlik Notları (PHP Security Notes)
- Code readability
- PHP settings
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)

Code readability

PHP settings
Always:
- register_globals = Off
- allow_url_include, allow_url_fopen
- error_reporting, display_errors, log_errors
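The slide names the directives but not how to confirm a running PHP actually has them in the safe state. The following self-check is an added example, not code from the deck or its author: it reads each directive the slide lists through ini_get() and reports the ones still in their risky state. The php.ini path in the usage comment is an assumption.

```php
<?php
// Added example (not from the deck): report the directives from the slide that are
// still in a risky state. Run it with the same php.ini the web server loads, e.g.
//   php -c /etc/php/7.4/apache2/php.ini check_ini.php      (path is an assumption)

/** Normalize ini_get(): "Off", "0", "" and an unknown directive all count as disabled. */
function iniEnabled(string $directive): bool
{
    $value = ini_get($directive);
    if ($value === false) {            // directive does not exist in this PHP build
        return false;
    }
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

/** @return array<string,string> directive => problem; empty when everything is hardened */
function checkPhpSettings(): array
{
    $problems = [];

    // register_globals turns every request parameter into a PHP variable.
    // It was removed in PHP 5.4, so ini_get() returns false there and the check passes.
    if (iniEnabled('register_globals')) {
        $problems['register_globals'] = 'On: request parameters become global variables';
    }
    // include($file) with a URL in $file would fetch and execute remote code.
    if (iniEnabled('allow_url_include')) {
        $problems['allow_url_include'] = 'On: include/require accept remote URLs';
    }
    // Needed only if the application legitimately opens remote URLs with fopen()/file_get_contents().
    if (iniEnabled('allow_url_fopen')) {
        $problems['allow_url_fopen'] = 'On: fopen/file_get_contents accept remote URLs (disable unless required)';
    }
    // Errors rendered into responses leak paths, SQL and stack details; log them instead.
    if (iniEnabled('display_errors')) {
        $problems['display_errors'] = 'On: errors are written into HTTP responses';
    }
    if (!iniEnabled('log_errors')) {
        $problems['log_errors'] = 'Off: errors are not written to the error log';
    }
    if ((int) ini_get('error_reporting') !== E_ALL) {
        $problems['error_reporting'] = 'not E_ALL: some error classes are silently dropped';
    }
    return $problems;
}

$problems = checkPhpSettings();
if ($problems === []) {
    echo "All checked directives are hardened.\n";
    exit(0);
}
foreach ($problems as $directive => $why) {
    echo "$directive: $why\n";
}
exit(1);
```

The exit status makes the script usable from a deployment pipeline: a non-zero status means at least one directive still needs attention.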
SQL Injection
SELECT * FROM tablo WHERE id = $id
- register_globals = Off
- mysql_real_escape_string, pg_escape_string, PDO
- filter_input, filter_var
- Typecasting: (integer) (boolean) (double) (float)
- addslashes = Not enough!
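The slide's query is shown below in its interpolated form beside the three defenses the slide lists (PDO prepared statements, typecasting, filter_var validation). This is an added example, not code from the deck: it builds an in-memory SQLite table named tablo with constructed rows so it runs stand-alone (it assumes the pdo_sqlite extension). With the constructed non-numeric input, the interpolated query matches every row, the prepared statement matches none, the typecast version matches only id 1, and the validated version refuses the input before any query runs.

```php
<?php
// Added example (not from the deck): the slide's vulnerable query beside the
// defenses it lists. Table name "tablo" and rows are constructed for the demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$db->exec("INSERT INTO tablo (id, ad) VALUES (1, 'birinci'), (2, 'ikinci'), (3, 'ucuncu')");

/** VULNERABLE: the slide's query with $id interpolated straight into the SQL text. */
function findByIdUnsafe(PDO $db, string $id): array
{
    return $db->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

/** Defense 1: PDO prepared statement; the value is bound, never spliced into the SQL. */
function findByIdPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Defense 2: typecast. (int) keeps only the leading digits, so only a number reaches the query. */
function findByIdTypecast(PDO $db, string $id): array
{
    $id = (int) $id;
    return $db->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

/** Defense 3: filter_var validation; reject input that is not a positive integer instead of coercing it. */
function findByIdValidated(PDO $db, string $id): ?array
{
    $clean = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($clean === false) {
        return null;                        // the caller turns this into a 400 response
    }
    return findByIdPrepared($db, (string) $clean);
}

// Constructed input that is not a number. addslashes() would leave it unchanged,
// because there is no quote to escape; that is why the slide says it is not enough.
$input = '1 OR 1=1';

echo "unsafe:    " . count(findByIdUnsafe($db, $input)) . " rows\n";
echo "prepared:  " . count(findByIdPrepared($db, $input)) . " rows\n";
echo "typecast:  " . count(findByIdTypecast($db, $input)) . " rows\n";
echo "validated: " . var_export(findByIdValidated($db, $input), true) . "\n";
```

The prepared statement is the defense to reach for first; typecasting and filter_var are appropriate when the column is known to be numeric and help because they also reject garbage before it reaches the database.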
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
- register_globals = Off
- allow_url_include = Off
- basename, realpath, preg_match
- htmlspecialchars, htmlentities, strip_tags
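The two sinks on the slide, include($dosya) and echo $kullanicidan_gelen_veri, are shown below in their unsafe form beside the guards the slide names. This is an added example, not code from the deck; the templates directory, the allowed-tag list and the sample input are assumptions made for the demo.

```php
<?php
// Added example (not from the deck): the slide's two sinks with and without the
// guards it lists. TEMPLATE_DIR is an assumed location for the demo.

const TEMPLATE_DIR = __DIR__ . '/templates';

/** UNSAFE: $dosya comes from the request; with allow_url_include on it could even be a URL. */
function renderUnsafe(string $dosya): void
{
    include($dosya);
}

/**
 * Guarded include: preg_match allows only a plain name, basename drops any directory
 * part, and realpath confirms the resolved file lives under TEMPLATE_DIR, which
 * catches anything (symlinks, encoded separators) that survived the first two checks.
 */
function renderSafe(string $dosya): bool
{
    if (!preg_match('/\A[a-z0-9_-]+\z/', $dosya)) {
        return false;
    }
    $path = realpath(TEMPLATE_DIR . '/' . basename($dosya) . '.php');
    $base = realpath(TEMPLATE_DIR);
    if ($path === false || $base === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    include($path);
    return true;
}

/** UNSAFE: raw user data written into the HTML response. */
function echoUnsafe(string $kullanicidan_gelen_veri): void
{
    echo $kullanicidan_gelen_veri;
}

/** Escaped output: ENT_QUOTES so both quote styles are neutralised inside attributes too. */
function escapeHtml(string $kullanicidan_gelen_veri): string
{
    return htmlspecialchars($kullanicidan_gelen_veri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * When some markup must be kept, strip_tags with an explicit allow list is the slide's
 * third option. Caveat: strip_tags keeps attributes on the allowed tags, so on its own
 * it is not an XSS filter; escape or sanitise attributes separately.
 */
function stripToAllowed(string $html): string
{
    return strip_tags($html, '<b><i><p>');
}

// Constructed input mixing a script element with allowed markup.
$veri = '<script>alert(1)</script><b>kalın</b>';
echo escapeHtml($veri), "\n";
echo stripToAllowed($veri), "\n";
var_dump(renderSafe('../config'));   // a name with a directory part never passes the preg_match allow list
```

htmlspecialchars is the right default for text nodes and attribute values; htmlentities additionally encodes every character that has a named entity, which is rarely needed once the page is served as UTF-8.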
Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
- Session-based verification keys (tokens)
- $_SERVER['HTTP_REFERER'] check
- Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
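The slide's image-tag example works because the browser sends the victim's session cookie with a request the victim never intended. The handler below is an added example, not code from the deck: it implements the session token the slide lists as the primary defense and uses the HTTP_REFERER and HTTP_X_REQUESTED_WITH checks as secondary signals. The host adres.com and the gonder.php endpoint come from the slide; the POST-only rule, hash_equals() and random_bytes() are my additions.

```php
<?php
// Added example (not from the deck): a session-based CSRF token plus the slide's
// Referer and X-Requested-With checks, guarding the slide's gonder.php endpoint.

const EXPECTED_HOST = 'adres.com';   // from the slide's example URL

/** Create (or reuse) the per-session token and return it for embedding in forms. */
function csrfToken(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison; a missing token or no session fails closed. */
function csrfTokenValid(?string $submitted): bool
{
    if ($submitted === null || session_status() !== PHP_SESSION_ACTIVE || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

/**
 * Referer check from the slide. Browsers may omit the header (privacy settings,
 * HTTPS to HTTP navigation), so compare only the host and treat "absent" as a failure
 * for state-changing requests; it is a secondary signal, not a replacement for the token.
 */
function refererValid(array $server, string $expectedHost = EXPECTED_HOST): bool
{
    if (!isset($server['HTTP_REFERER'])) {
        return false;
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/**
 * Ajax check from the slide: a plain <form> or <img> request cannot add a custom header,
 * and a cross-origin XMLHttpRequest that adds one triggers a CORS preflight.
 */
function isAjaxRequest(array $server): bool
{
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strcasecmp($server['HTTP_X_REQUESTED_WITH'], 'XMLHttpRequest') === 0;
}

/** Handler for gonder.php. The <img src="...gonder.php?yorum=..."> request is a GET with no token, so it stops at the first check. */
function handleGonder(array $server, array $post): string
{
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return '405: state-changing requests must be POST';
    }
    if (!csrfTokenValid($post['csrf_token'] ?? null)) {
        return '403: missing or invalid CSRF token';
    }
    if (!refererValid($server) && !isAjaxRequest($server)) {
        return '403: unexpected origin';
    }
    return 'comment accepted: ' . htmlspecialchars($post['yorum'] ?? '', ENT_QUOTES, 'UTF-8');
}

/** The form that legitimately posts to gonder.php carries the token as a hidden field. */
function renderForm(): string
{
    $token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/gonder.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<textarea name="yorum"></textarea><button>Gönder</button></form>';
}

echo handleGonder($_SERVER, $_POST), "\n";
```

Putting the token in the session rather than in a cookie matters: the attacker's page can make the browser send cookies, but it cannot read the token out of the victim's session to place it in the request body.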
Questions?

PHP and Web Security flashcards!

Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter: @hdogan