PHP Security Notes (PHP Güvenlik Notları)
XVII. Türkiye'de İnternet Konferansı (17th Internet in Turkey Conference), Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Transcript

PHP Security Notes (PHP Güvenlik Notları)
Friday, November 9, 12

PHP Security Notes: outline
  Code readability
  PHP settings
  SQL Injection
  Cross-site Scripting (XSS)
  Cross-site Request Forgery (CSRF)

Code readability

PHP settings
  Always: register_globals = Off
  allow_url_include, allow_url_fopen
  error_reporting, display_errors, log_errors
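
The slide lists the directives but not how to verify them on a running interpreter. The script below is an added example (not code from the talk) that reads each directive with ini_get() and reports deviations from hardened values; the expected values for allow_url_fopen and display_errors are my assumptions for a production host, the others follow the slide.

```php
<?php
// Added example for the PHP settings slide; not code from the talk. It compares
// the running interpreter's values for the directives the slide lists against
// hardened values and reports every deviation.
declare(strict_types=1);

// Expected values. register_globals was removed in PHP 5.4, so on a modern
// interpreter ini_get() returns false for it and the check passes.
function expectedSettings(): array
{
    return [
        'register_globals'  => '0', // Always Off (slide); removed since PHP 5.4
        'allow_url_include' => '0', // never include() code fetched over a URL
        'allow_url_fopen'   => '0', // assumed hardened value: no remote fopen wrappers
        'display_errors'    => '0', // assumed production value: errors go to the log only
        'log_errors'        => '1', // keep the errors, but in the log
    ];
}

// Normalise the strings ini_get() returns ("On", "1", "Off", "", "0") to "0"/"1".
// ini_get() returns false for a directive this PHP build does not know.
function normaliseBool($raw): string
{
    if ($raw === false) {
        return '0'; // unknown directive cannot be enabled
    }
    return in_array(strtolower((string) $raw), ['1', 'on', 'true', 'yes'], true) ? '1' : '0';
}

// Returns a list of "directive: found X, expected Y" strings; empty means OK.
function auditSettings(array $expected): array
{
    $problems = [];
    foreach ($expected as $directive => $want) {
        $have = normaliseBool(ini_get($directive));
        if ($have !== $want) {
            $problems[] = sprintf('%s: found %s, expected %s', $directive, $have, $want);
        }
    }
    // error_reporting is a bit mask, not a boolean: expect everything to be reported
    // (and then logged rather than displayed, per the checks above).
    if ((error_reporting() & E_ALL) !== E_ALL) {
        $problems[] = 'error_reporting: does not include E_ALL';
    }
    return $problems;
}

$problems = auditSettings(expectedSettings());
if ($problems === []) {
    echo "All checked settings are hardened.\n";
} else {
    foreach ($problems as $problem) {
        echo 'WARNING ', $problem, "\n";
    }
}
```

Run it under the same SAPI as the application (php-fpm or mod_php, not only the CLI), because each SAPI can load a different php.ini; the CLI result alone says nothing about the web-facing configuration.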

SQL Injection
  SELECT * FROM tablo WHERE id = $id
  register_globals = Off
  mysql_real_escape_string, pg_escape_string, PDO
  filter_input, filter_var
  Typecasting: (integer) (boolean) (double) (float)
  addslashes = Not enough!
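
To make the slide's points concrete, here is an added example (not code from the talk) that puts the vulnerable query beside the three defences the slide names: addslashes (which does not help in a numeric context), typecasting, and filter_var followed by a PDO prepared statement. The table name "tablo" and the column "id" come from the slide; the "ad" column, the rows and the malicious input are constructed for the demo, and an in-memory SQLite database (pdo_sqlite extension) is used so it runs without a server.

```php
<?php
// Added example for the SQL Injection slide; not code from the talk.
// Table "tablo" and column "id" are the slide's; everything else is constructed.
declare(strict_types=1);

function setupDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT NOT NULL)');
    $pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'birinci'), (2, 'ikinci'), (3, 'ucuncu')");
    return $pdo;
}

// The slide's vulnerable pattern: $id is interpolated into the SQL text, so
// whatever the user sends becomes part of the query.
function vulnerableLookup(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// addslashes() only escapes quotes and backslashes. In a numeric context there
// is nothing to escape, so the injected clause passes through unchanged:
// this is why the slide says "addslashes = not enough".
function addslashesLookup(PDO $pdo, string $id): array
{
    $escaped = addslashes($id);
    return $pdo->query("SELECT * FROM tablo WHERE id = $escaped")->fetchAll(PDO::FETCH_ASSOC);
}

// Typecasting: (int) turns any input into an integer, so the query stays
// well-formed. The drawback is that bad input is silently coerced, not rejected.
function typecastLookup(PDO $pdo, string $id): array
{
    $safeId = (int) $id;
    return $pdo->query("SELECT * FROM tablo WHERE id = $safeId")->fetchAll(PDO::FETCH_ASSOC);
}

// filter_var + PDO prepared statement: invalid input is rejected (null) and
// valid input is bound as a typed parameter, never spliced into SQL text.
function preparedLookup(PDO $pdo, string $id): ?array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT);
    if ($valid === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = setupDb();
$input = '1 OR 1=1'; // constructed input that widens the WHERE clause to every row

printf("vulnerable:  %d rows\n", count(vulnerableLookup($pdo, $input)));
printf("addslashes:  %d rows\n", count(addslashesLookup($pdo, $input)));
printf("typecast:    %d rows\n", count(typecastLookup($pdo, $input)));
$rows = preparedLookup($pdo, $input);
printf("prepared:    %s\n", $rows === null ? 'rejected' : count($rows) . ' rows');
printf("prepared(2): %d rows\n", count(preparedLookup($pdo, '2')));
```

The first two functions return the whole table for the constructed input, the typecast version returns only the row whose id the leading digit coerces to, and the prepared version refuses the input outright while still serving the legitimate lookup for "2". In web code, filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT) does the same validation directly on the request.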

Cross-site Scripting (XSS)
  include($dosya);
  echo $kullanicidan_gelen_veri;
  register_globals = Off
  allow_url_include = Off
  basename, realpath, preg_match
  htmlspecialchars, htmlentities, strip_tags
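
The slide pairs two sinks, include($dosya) and echo $kullanicidan_gelen_veri, with the functions that neutralise them. The following added example (not code from the talk) shows a hardened replacement for each: the include path is validated with preg_match, basename and realpath plus a directory-prefix check, and the output is escaped with htmlspecialchars (with strip_tags shown as a filter that still needs escaping afterwards). The variable names are the slide's; the temporary pages directory, its file and the sample inputs are constructed here.

```php
<?php
// Added example for the XSS slide; not code from the talk. $dosya and
// $kullanicidan_gelen_veri are the slide's names; all inputs are constructed.
declare(strict_types=1);

// Hardened replacement for a bare include($dosya): preg_match restricts the
// name to a strict pattern, basename() drops any directory part, and
// realpath() plus a prefix check confirm the resolved file still lies inside
// $pagesDir (so a symlink cannot point outside it). Null means "refuse".
function resolveIncludePath(string $pagesDir, string $dosya): ?string
{
    if (preg_match('/^[a-z0-9_-]{1,64}\.php$/', $dosya) !== 1) {
        return null;
    }
    $base = realpath($pagesDir);
    $target = realpath($pagesDir . DIRECTORY_SEPARATOR . basename($dosya));
    if ($base === false || $target === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the allowed directory
    }
    return $target;
}

// Output escaping for echo $kullanicidan_gelen_veri: every character with HTML
// meaning becomes an entity, so the browser renders the input as text.
function escapeForHtml(string $kullanicidan_gelen_veri): string
{
    return htmlspecialchars($kullanicidan_gelen_veri, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// strip_tags() removes tags but is a filter, not an escaper: what remains can
// still contain characters with HTML meaning, so escape the result as well.
function stripAndEscape(string $kullanicidan_gelen_veri): string
{
    return escapeForHtml(strip_tags($kullanicidan_gelen_veri));
}

// Constructed demo: a temporary pages directory with one legitimate page.
$pagesDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($pagesDir, 0700);
file_put_contents($pagesDir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home page';\n");

// A legitimate page, a traversal attempt, a remote URL and a non-existent page.
foreach (['home.php', '../../../etc/passwd', 'http://evil.example/x.php', 'admin.php'] as $dosya) {
    $path = resolveIncludePath($pagesDir, $dosya);
    printf("%-28s => %s\n", $dosya, $path === null ? 'refused' : 'include ' . basename($path));
}

$veri = '<script>alert(1)</script> Ali & "Veli"'; // constructed user input
echo escapeForHtml($veri), "\n";
echo stripAndEscape($veri), "\n";

unlink($pagesDir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($pagesDir);
```

Only home.php resolves; the other three are refused before include() is ever reached. The regex is the primary control and basename/realpath are defence in depth, which is the order the slide lists them in. Keeping allow_url_include = Off means that even a mistake in this logic cannot turn into remote code inclusion.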

Cross-site Request Forgery (CSRF)
  <img src="http://adres.com/gonder.php?yorum=Örnek">
  Session-based verification keys (tokens)
  $_SERVER['HTTP_REFERER'] check
  Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
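
The slide names three checks without showing them. The added example below (not code from the talk) implements all three: a session-bound token generated with random_bytes and compared with hash_equals, the HTTP_REFERER host check, and the HTTP_X_REQUESTED_WITH check for Ajax. The session, POST and server arrays are passed in as parameters and constructed at the bottom so the script runs from the command line; in a real handler you would pass $_SESSION, $_POST and $_SERVER. The host adres.com and the "yorum" parameter come from the slide; baska-site.example is a constructed third-party origin.

```php
<?php
// Added example for the CSRF slide; not code from the talk. adres.com and
// "yorum" are from the slide; the arrays at the bottom are constructed input.
declare(strict_types=1);

// Create the per-session token once and reuse it for every form in that session.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every state-changing form.
function csrfHiddenField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Token check. The request must also be a POST: the slide's <img src="..."> trick
// can only produce a GET, so state changes must never be accepted over GET.
function csrfTokenValid(array $session, array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])) {
        return false;
    }
    // hash_equals compares in constant time, so timing does not leak the token.
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Referer check: compare only the host. Browsers and proxies may strip the
// header, so treat this as a supplement to the token, not a replacement.
function refererMatches(array $server, string $expectedHost): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Ajax check: a browser will not attach this custom header to a cross-origin
// request without a CORS preflight, so a forged <img> or <form> request lacks it.
function isAjaxRequest(array $server): bool
{
    return ($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest';
}

// Constructed walkthrough: a legitimate submission and a forged one.
$session = [];
echo csrfHiddenField($session), "\n";

$legitPost   = ['yorum' => 'Örnek', 'csrf_token' => $session['csrf_token']];
$legitServer = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://adres.com/yorum.php'];

// The forging page cannot read the victim's session, so it has no token to send.
$forgedPost   = ['yorum' => 'Örnek'];
$forgedServer = ['REQUEST_METHOD' => 'GET', 'HTTP_REFERER' => 'http://baska-site.example/'];

var_dump(csrfTokenValid($session, $legitPost, $legitServer));   // legitimate: accepted
var_dump(refererMatches($legitServer, 'adres.com'));
var_dump(csrfTokenValid($session, $forgedPost, $forgedServer)); // forged: refused
var_dump(refererMatches($forgedServer, 'adres.com'));
var_dump(isAjaxRequest(['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']));
```

The token is the control that actually decides; the Referer and X-Requested-With checks are cheap extra signals whose absence should be logged rather than trusted on their own, because a missing Referer is common on legitimate traffic.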

Questions?

PHP and web security flashcards!

Thanks!
  http://php.net/manual/tr/security.php
  http://shiflett.org/php-security.pdf
  http://hi.do
  http://github.com/hdogan
  Twitter: @hdogan