Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
790
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
740
Web Uygulamalarında Güvenlik
hdogan
1
500
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
学習を成果に繋げるための個人開発の考え方 〜 「学習のための個人開発」のすすめ / personal project for leaning
panda_program
1
110
私の後悔をAWS DMSで解決した話
hiramax
4
170
コーディングエージェント時代のNeovim
key60228
1
110
Google I/O recap web編 大分Web祭り2025
kponda
0
2.9k
あのころの iPod を どうにか再生させたい
orumin
2
2.5k
ソフトウェアテスト徹底指南書の紹介
goyoki
1
120
WebAssemblyインタプリタを書く ~Component Modelを添えて~
ruccho
1
930
SOCI Index Manifest v2が出たので調べてみた / Introduction to SOCI Index Manifest v2
tkikuc
1
110
モバイルアプリからWebへの横展開を加速した話_Claude_Code_実践術.pdf
kazuyasakamoto
0
280
兎に角、コードレビュー
mitohato14
0
150
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
130
tool ディレクティブを導入してみた感想
sgash708
1
150
Featured
See All Featured
Speed Design
sergeychernyshev
32
1.1k
Faster Mobile Websites
deanohume
309
31k
How to Ace a Technical Interview
jacobian
279
23k
GraphQLとの向き合い方2022年版
quramy
49
14k
The Cost Of JavaScript in 2023
addyosmani
53
8.8k
GitHub's CSS Performance
jonrohan
1032
460k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.4k
Designing for humans not robots
tammielis
253
25k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
490
Building Adaptive Systems
keathley
43
2.7k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12