PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
Programming
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes (PHP Güvenlik Notları) Friday, November 9, 12

PHP Security Notes
Code readability
PHP settings
SQL Injection
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)

Code readability

PHP settings
Always: register_globals = Off
allow_url_include, allow_url_fopen
error_reporting, display_errors, log_errors

SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough!
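The query on this slide, worked through as an added example (not from the deck): the concatenated form beside the three mitigations the slide names, typecasting, filter_var and PDO prepared statements. It assumes the pdo_sqlite extension and builds its own in-memory table and sample input.

```php
<?php
// Added example, not from the slides. The table `tablo`, its rows and the
// input string are constructed here; an in-memory SQLite database keeps it
// stand-alone (assumes pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'ali'), (2, 'ayse')");

// Constructed untrusted input: a tautology appended to the id.
$id = "1 OR 1=1";

// Vulnerable form from the slide: the raw string becomes part of the SQL
// text, so the WHERE clause is rewritten and every row is returned.
$rows = $pdo->query("SELECT * FROM tablo WHERE id = $id")
            ->fetchAll(PDO::FETCH_ASSOC);
printf("vulnerable: %d row(s)\n", count($rows));

// Mitigation 1: typecasting. (int) reduces "1 OR 1=1" to 1, so only an
// integer can ever reach the query text.
$safeId = (int) $id;
$rows = $pdo->query("SELECT * FROM tablo WHERE id = $safeId")
            ->fetchAll(PDO::FETCH_ASSOC);
printf("typecast: %d row(s)\n", count($rows));

// Mitigation 2: filter_var validates instead of coercing. A non-integer is
// rejected outright, which is what you want when the request should be
// refused and logged rather than silently reinterpreted.
$validated = filter_var($id, FILTER_VALIDATE_INT);
if ($validated === false) {
    echo "filter_var: input rejected, not an integer\n";
}

// Mitigation 3: PDO prepared statement. The value is bound separately from
// the SQL text, so it can never alter the statement's structure; the whole
// string is compared against id as a single value.
$stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
$stmt->execute([':id' => $id]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
printf("prepared: %d row(s)\n", count($rows));
```

Run it with the PHP CLI; the vulnerable query returns both rows while the typecast and prepared forms do not.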
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based verification keys (token)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thank you!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter: @hdogan