Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
750

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
130
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
720
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
320
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.4k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
780
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
610
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
390
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
480

Other Decks in Programming

See All in Programming
804bf3fd2baebf9a27e4774553688d37?s=48 saki4869
0
190
E473e5af1263c050599921981db46068?s=48 akatsukinewgrad
0
210
De266761b955b2636e454a1bc7a99ed4?s=48 masayaaoyama
4
540
3742ae4f74e584aed4f41c405232c3bb?s=48 yaamaa
0
440
5c588fdfe782f92fa6b081903edd82bb?s=48 hr01
0
1.6k
4047c64e3a1e2f81addd4ba675ddc451?s=48 zsmb
1
130
3aae47c11fab74b1db6ec80cd6f49058?s=48 takahi5
0
240
832ece085bfe2c7c5b0ed6be62d7e675?s=48 steipete
PRO
2
160
6165f5bae67e249133eba24da4b93780?s=48 trajchevska
2
380
3f309c992e2b1a5c3c014e63810a2f68?s=48 viteinfinite
0
210
0d7c1e828ec0afbf29c0d37702c4637d?s=48 rishitdagli
0
180
04df7340898eac3a0536d3b47c55501c?s=48 hirotokirimaru
1
430

Featured

See All Featured
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
56
6.3k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
17
1.1k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.8k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
347
20k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
18
650
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
187
14k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
302
31k
245cee81a9c424266e5e401d844ea881?s=48 lara
172
9.5k
282d599b414022eba5096510f675b6e2?s=48 chrislema
173
14k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
368
42k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
113
25k
32de0bd2ba869609d26fd052a4622778?s=48 cromwellryan
101
5.9k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12