$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.2k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
720
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
400
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.2k
CakePHP ile Pasta Pişirmek
hdogan
1
860
PHP 101
hdogan
1
720
Web Uygulamalarında Güvenlik
hdogan
1
480
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
新卒研修で作ったアプリのご紹介
mkryo
0
240
.NET Conf 2024の振り返り
tomokusaba
0
190
eBPF Deep Dive: Architecture and Safety Mechanisms
takehaya
12
1.2k
Functional Event Sourcing using Sekiban
tomohisa
0
130
Discord Bot with AI -for English learners-
xin9le
1
110
Jakarta EE meets AI
ivargrimstad
0
1.1k
CSC305 Lecture 23
javiergs
PRO
0
120
距離関数を極める! / SESSIONS 2024
gam0022
0
370
tidymodelsによるtidyな生存時間解析 / Japan.R2024
dropout009
1
460
CSC305 Lecture 25
javiergs
PRO
0
110
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
230
.NET 9アプリをCGIとして レンタルサーバーで動かす
mayuki
1
750
Featured
See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
GraphQLとの向き合い方2022年版
quramy
44
13k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
How to Think Like a Performance Engineer
csswizardry
21
1.2k
The Cost Of JavaScript in 2023
addyosmani
45
6.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Being A Developer After 40
akosma
87
590k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12