PHP Güvenlik Notları (PHP Security Notes)
Hidayet Doğan
November 07, 2012
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes (PHP Güvenlik Notları) Friday, November 9, 12
Agenda: Code Readability; PHP Settings; SQL Injection; Cross-site Scripting (XSS); Cross-site Request Forgery (CSRF)
Code Readability
PHP Settings
Always: register_globals = Off (the directive was removed in PHP 5.4; on older builds it lets request parameters become global variables).
allow_url_include, allow_url_fopen: Off unless the application genuinely needs remote streams; with them On, include() and fopen() accept URLs, which turns a user-controlled file name into remote file inclusion.
error_reporting (E_ALL), display_errors (Off), log_errors (On): report everything, but to the error log, not to the browser, where paths and stack traces help an attacker.
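The settings on this slide can be verified on a deployed host rather than by reading php.ini. The script below is an added example, not code from the deck: it reads each directive with ini_get(), compares it against the production values assumed here (everything Off except log_errors, and error_reporting covering E_ALL), and exits non-zero when something needs attention. Directives that no longer exist in the running PHP build (register_globals on PHP 5.4 and later) are skipped.

```php
<?php
// Added example (not from the deck): audit the php.ini directives the slide lists
// at runtime with ini_get(), so a deployment can be checked from the host itself.
declare(strict_types=1);

/**
 * Production values assumed for this example. allow_url_fopen may legitimately
 * stay On if the application fetches remote URLs with file_get_contents();
 * treat that finding as "review", not as a hard failure.
 */
function expectedSettings(): array
{
    return [
        'register_globals'  => false, // removed in PHP 5.4; on older builds it must be Off
        'allow_url_include' => false, // enables include("http://...") -> remote file inclusion
        'allow_url_fopen'   => false, // remote streams for fopen()/file_get_contents()
        'display_errors'    => false, // stack traces and paths must not reach the browser
        'log_errors'        => true,  // ...but they must reach the error log
    ];
}

/** Normalise the strings ini_get() returns ("1", "On", "", "0") to a bool, or null if the directive is unknown. */
function iniFlag(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null; // directive does not exist in this PHP build
    }
    return in_array(strtolower(trim($raw)), ['1', 'on', 'yes', 'true'], true);
}

/** Returns human-readable findings; an empty list means every check passed. */
function auditPhpSettings(): array
{
    $findings = [];
    foreach (expectedSettings() as $directive => $want) {
        $have = iniFlag($directive);
        if ($have === null) {
            continue; // e.g. register_globals on PHP >= 5.4: the unsafe feature is gone
        }
        if ($have !== $want) {
            $findings[] = sprintf('%s is %s, expected %s',
                $directive, $have ? 'On' : 'Off', $want ? 'On' : 'Off');
        }
    }
    // error_reporting is a bitmask, not a flag: require at least E_ALL.
    $level = (int) ini_get('error_reporting');
    if (($level & E_ALL) !== E_ALL) {
        $findings[] = sprintf('error_reporting is %d, expected E_ALL (%d)', $level, E_ALL);
    }
    return $findings;
}

// Usage: php audit.php  (exit status 1 when something needs attention)
$findings = auditPhpSettings();
foreach ($findings as $f) {
    echo $f, PHP_EOL;
}
exit($findings === [] ? 0 : 1);
```

Run it with the same php.ini the web SAPI uses (for example `php -c /path/to/fpm/php.ini audit.php`); the CLI binary ships with different defaults, display_errors in particular, so auditing the CLI's own configuration says little about the web server.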
SQL Injection
Vulnerable pattern: SELECT * FROM tablo WHERE id = $id (user input spliced into the query text).
Defenses: register_globals = Off; escaping with mysql_real_escape_string (the mysql extension was removed in PHP 7, use mysqli or PDO instead) or pg_escape_string, or, better, PDO prepared statements with bound parameters; validation with filter_input / filter_var (e.g. FILTER_VALIDATE_INT); typecasting with (integer), (boolean), (double), (float) for numeric fields.
addslashes = Not enough! It only escapes quotes, so a numeric context such as id = $id needs no quote to inject, and multibyte character sets can still break the escaping.
Cross-site Scripting (XSS) and file inclusion
Dangerous patterns: include($dosya); echo $kullanicidan_gelen_veri; (including a user-controlled file name; echoing user-supplied data without encoding)
Settings: register_globals = Off, allow_url_include = Off
For file names: basename, realpath, preg_match (restrict the name to a whitelist pattern and confirm the resolved path stays inside the intended directory)
For output: htmlspecialchars, htmlentities, strip_tags (strip_tags removes tags but does not encode what remains, so it is not a substitute for htmlspecialchars when writing into HTML)
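The following added example (not from the deck) rewrites the two snippets on the slide with the functions it names. The template directory, the .php suffix and the sample inputs are assumptions for illustration. basename() drops any directory part, preg_match() restricts what remains to a conservative character set, realpath() resolves symlinks so a prefix check is meaningful, and htmlspecialchars() with ENT_QUOTES encodes user data for both element and attribute context.

```php
<?php
// Added example (not from the deck): include($dosya) and echo $kullanicidan_gelen_veri,
// rewritten with the guards the slide names. TEMPLATE_DIR and the inputs are assumptions.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates'; // assumed location of the page templates

/**
 * Resolve a user-supplied page name to a file inside TEMPLATE_DIR, or null.
 * The checks run in this order: reject NUL bytes, strip directory components,
 * whitelist the characters, then confirm the real path is still under the directory.
 */
function safeTemplatePath(string $page): ?string
{
    if (strpos($page, "\0") !== false) {
        return null; // classic path-truncation trick; refuse early
    }
    $name = basename($page); // "../../etc/passwd" -> "passwd", "http://x/y.txt" -> "y.txt"
    if (!preg_match('/\A[a-z0-9_-]{1,40}\z/', $name)) {
        return null; // dots, slashes, scheme characters etc. are all rejected here
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or template does not exist
    }
    // realpath() output is absolute and symlink-free, so a prefix check is sound.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Hardened include: only validated local files, so allow_url_include can never come into play. */
function renderPage(string $page): void
{
    $path = safeTemplatePath($page);
    if ($path === null) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    include $path;
}

/** Output encoding for HTML element and attribute context: the fix for echo $kullanicidan_gelen_veri. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs. Both resolve to null here because no template by that name exists,
// but the point is which check rejects them: the second never reaches the filesystem.
var_dump(safeTemplatePath('../../etc/passwd'));          // survives basename() as "passwd", fails at realpath()
var_dump(safeTemplatePath('http://evil.example/x.txt'));  // "x.txt" fails the whitelist regex

$veri = '<script>alert(1)</script>" onmouseover="alert(2)'; // constructed attacker string
echo '<div title="' . e($veri) . '">' . e($veri) . '</div>', PHP_EOL;
```

The encoded string renders literally in both the attribute and the element body; without ENT_QUOTES the double quote would survive and the onmouseover attribute would be injected.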
Cross-site Request Forgery (CSRF)
Attack: <img src="http://adres.com/gonder.php?yorum=Örnek"> (a state-changing GET triggered from any page the victim visits, sent with the victim's cookies)
Defenses: session-based verification keys (tokens) in every state-changing form; $_SERVER['HTTP_REFERER'] check (weak on its own, because browsers and privacy tools often strip the header); Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
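Below is an added example of the token defense the slide recommends, together with the two secondary checks it lists (not code from the deck; the endpoint name gonder.php and the field name yorum are taken from the slide, everything else is assumed). The token is generated once per session from random_bytes(), embedded as a hidden field, and compared with hash_equals() on POST. The <img src=...> from the slide can make the request but cannot read or supply the token.

```php
<?php
// Added example (not from the deck): per-session CSRF token generated with
// random_bytes() and checked with hash_equals(), plus the slide's Referer and
// X-Requested-With checks as secondary signals. Field and action names are assumptions.
declare(strict_types=1);

const CSRF_KEY = 'csrf_token';

/** Create the token once per session and reuse it; regenerate it when the user logs in. */
function csrfToken(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_KEY])) {
        $_SESSION[CSRF_KEY] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $_SESSION[CSRF_KEY];
}

/** Hidden field for every state-changing form. */
function csrfField(): string
{
    return '<input type="hidden" name="' . CSRF_KEY . '" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Constant-time comparison, so the token cannot be guessed byte by byte. Only POST changes state. */
function csrfValid(array $post): bool
{
    $sent = $post[CSRF_KEY] ?? '';
    return is_string($sent) && $sent !== '' && hash_equals(csrfToken(), $sent);
}

/**
 * Secondary check from the slide. A matching Origin/Referer host adds confidence,
 * but privacy tools strip Referer, so "header absent" must never count as valid;
 * the caller falls back to the token alone in that case.
 */
function originLooksSameSite(array $server, string $expectedHost): bool
{
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $h) {
        if (!empty($server[$h])) {
            return parse_url($server[$h], PHP_URL_HOST) === $expectedHost;
        }
    }
    return false;
}

/** The slide's Ajax check: a cross-origin page cannot add this header without a CORS preflight. */
function isAjax(array $server): bool
{
    return ($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest';
}

// Handler for gonder.php (the endpoint from the slide), sketched inline:
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrfValid($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Optional extra signal; logged rather than enforced, for the reason given above.
    if (!originLooksSameSite($_SERVER, $_SERVER['HTTP_HOST'] ?? '')) {
        error_log('CSRF: token valid but Origin/Referer missing or foreign');
    }
    // ... store $_POST['yorum'] (the comment) here ...
    exit('OK');
}

// GET: render the form with the token embedded.
echo '<form method="post" action="gonder.php">', csrfField(),
     '<input name="yorum"><button>Send</button></form>';
```

Serve it with `php -S 127.0.0.1:8080` and submit the form to see the accepted path; a request that omits or alters the hidden field gets the 403. Note that the GET version of gonder.php in the slide must simply not exist: the token only helps once state changes are confined to POST.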
Questions?
PHP and Web Security flash cards!
Thanks! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan