Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

Hidayet Doğan
November 07, 2012
Programming
0
1k

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
550
Asenkron PHP
hdogan
0
1.3k
PHP Senfoni Orkestrası: Composer
hdogan
1
370
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4k
CakePHP ile Pasta Pişirmek
hdogan
1
840
PHP 101
hdogan
1
680
Web Uygulamalarında Güvenlik
hdogan
1
430
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
520

Other Decks in Programming

See All in Programming
_アニメーション抜き__MVIに基づくStateMachineアーキテクチャ_KMPとJetpack_ComposeとSwiftUIを組み合わせる.pdf
gmvalentino8
5
640
リアーキテクチャによってどうなりたいか/re-architecture
suzukihoge
2
320
第3回 AWSとGitHub勉強会 - GitHub Actionsを使ったCI環境の構築 -
ogiwarat
0
140
The impact of API Platform on Open-Source
loic425
0
120
CSS Subgridが遂に全ブラウザ対応。新時代のグリッドデザインを学ぼう
tonkotsuboy_com
4
2.9k
Astro 3.0入門
nozaki
0
200
マイクロサービスの効率的な監視〜不安定な依存先との闘い〜
taowata
6
1.1k
祝 Ver.3リリース Fluent UI Blazorのすすめ
tomokusaba
0
120
わかる!Hashicorp Waypoint | HashiTalks: Japan2023
kazue
0
290
マイクロサービス環境におけるToilを削減するTerraformの活用 in DMMプラットフォーム
pospome
1
220
Managing State Beyond ViewModels and Hilt (Updated)
vrallev
3
640
PHP8.2にバージョンアップして もっと型表現を豊かにしよう
akitotsukahara
0
160

Featured

See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
71
7.8k
RailsConf 2023
tenderlove
0
240
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.6k
YesSQL, Process and Tooling at Scale
rocio
159
13k
Practical Orchestrator
shlominoach
179
9.3k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
Support Driven Design
roundedbygravity
91
9.2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
Code Reviewing Like a Champion
maltzj
510
38k
Why Our Code Smells
bkeepers
PRO
329
56k
4 Signs Your Business is Dying
shpigford
172
21k
A better future with KSS
kneath
230
16k

Transcript

  1. PHP Güvenlik Notları
    Friday, November 9, 12

    View Slide

  2. PHP Güvenlik Notları
    Kod Okunurluğu
    PHP Ayarları
    SQL Injection
    Cross-site Scripting (XSS)
    Cross-site Request Forgery (CSRF)
    Friday, November 9, 12

    View Slide

  3. Kod Okunurluğu
    Friday, November 9, 12

    View Slide

  4. PHP Ayarları
    Her zaman: register_globals = Off
    allow_url_include, allow_url_fopen
    error_reporting, display_errors, log_errors
    Friday, November 9, 12

    View Slide

  5. SQL Injection
    SELECT * FROM tablo WHERE id = $id
    register_globals = Off
    mysql_real_escape_string, pg_escape_string, PDO
    filter_input, filter_var
    Typecasting (integer) (boolean) (double) (float)
    addslashes = Yeterli değil!
    Friday, November 9, 12

    View Slide

  6. Cross-site Scripting (XSS)
    include($dosya);
    echo $kullanicidan_gelen_veri;
    register_globals = Off
    allow_url_include = Off
    basename, realpath, preg_match
    htmlspecialchars, htmlentities, strip_tags
    Friday, November 9, 12

    View Slide

  7. Cross-site Request Forgery
    (CSRF)

    Oturum bazlı doğrulayıcı anahtarlar (token)
    $_SERVER[‘HTTP_REFERER’] kontrol
    Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol
    Friday, November 9, 12

    View Slide

  8. Sorular?
    Friday, November 9, 12

    View Slide

  9. PHP ve Web
    Güvenliği
    ezber kartları!
    Friday, November 9, 12

    View Slide

  10. Teşekkürler!
    http://php.net/manual/tr/security.php
    http://shiflett.org/php-security.pdf
    http://hi.do
    http://github.com/hdogan
    Twitter @hdogan
    Friday, November 9, 12

    View Slide