Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
810
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
520
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
CDIの誤解しがちな仕様とその対処TIPS
futokiyo
0
200
ふつうの Rubyist、ちいさなデバイス、大きな一年
bash0c7
0
840
CSC307 Lecture 15
javiergs
PRO
0
240
2026年は Rust 置き換えが流行る! / 20260220-niigata-5min-tech
girigiribauer
0
230
RAGでハマりがちな"Excelの罠"を、データの構造化で突破する
harumiweb
9
2.8k
AI時代のシステム設計:ドメインモデルで変更しやすさを守る設計戦略
masuda220
PRO
5
920
エージェント開発初心者の僕が エージェントを作った話と今後やりたいこと
thasu0123
0
240
「やめとこ」がなくなった — 1月にZennを始めて22本書いた AI共創開発のリアル
atani14
0
370
Go 1.26でのsliceのメモリアロケーション最適化 / Go 1.26 リリースパーティ #go126party
mazrean
1
380
ふつうのRubyist、ちいさなデバイス、大きな一年 / Ordinary Rubyists, Tiny Devices, Big Year
chobishiba
1
430
モジュラモノリスにおける境界をGoのinternalパッケージで守る
magavel
0
3.5k
技術検証結果の整理と解析をAIに任せよう!
keisukeikeda
0
120
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1370
200k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.4k
The Pragmatic Product Professional
lauravandoore
37
7.2k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
180
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
310
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.6k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
130
From π to Pie charts
rasagy
0
150
Game over? The fight for quality and originality in the time of robots
wayneb77
1
130
Making Projects Easy
brettharned
120
6.6k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
futokiyo
bash0c7
javiergs
girigiribauer
harumiweb
masuda220
thasu0123
atani14
mazrean
chobishiba
magavel
keisukeikeda
addyosmani
eileencodes
lauravandoore
nikkihalliwell
mfonobong
chriscoyier
zakiyama
tmiket
rasagy
wayneb77
brettharned
