Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

Hidayet Doğan
November 07, 2012
Programming
0
920

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
390
Asenkron PHP
hdogan
0
1.2k
PHP Senfoni Orkestrası: Composer
hdogan
1
360
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
3.9k
CakePHP ile Pasta Pişirmek
hdogan
1
820
PHP 101
hdogan
1
660
Web Uygulamalarında Güvenlik
hdogan
1
420
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
510

Other Decks in Programming

See All in Programming
Angular's Future without NgModules: Architectures with Standalone Components
manfredsteyer
PRO
0
270
フィーチャートグルを 使って素早く価値を検証する 早く安全に失敗し学ぶために
akki_megane
0
620
Nature Remo SDKアップデートの軌跡
tomoyuki
1
410
Introduction to Static Analysis through Psalm
inouehi
0
220
20分間で振り返るIn-App Purchaseの歴史
inokinn
3
1.1k
可觀測性(Observability)的實踐
marcustung
0
1.6k
Rethinking Auth for SPAs and Micro Frontends: Easy and Secure With Gateways
manfredsteyer
PRO
0
110
watchOS におけるバックグラウンドタスクの限界
yamannnu
2
390
Xcode Cloudの評価
kishikawakatsumi
2
310
react-reconcilerでオレオレReact Nativeを作ろう!
kwzr
0
450
SASユーザー総会2022:Time-varying treatmentsに対するIPTW法による因果効果の推定
norihirosuzuki
0
260
2年かけました!大規模サービスをJava製CMSからPHP+Laravelの構成にリプレイスし、運用している話 / Replaced service from Java CMS to PHP and Laravel architecture
yumechi
1
450

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
8
1.1k
The Power of CSS Pseudo Elements
geoffreycrofte
48
4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
642
53k
Embracing the Ebb and Flow
colly
73
3.4k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6k
Ruby is Unlike a Banana
tanoku
91
9.3k
Imperfection Machines: The Place of Print at Facebook
scottboms
254
12k
Bootstrapping a Software Product
garrettdimon
297
110k
Stop Working from a Prison Cell
hatefulcrawdad
263
18k
The Language of Interfaces
destraynor
148
21k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
37
3.4k
Docker and Python
trallard
27
1.7k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12