Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
820

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
240
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
970
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
330
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.7k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
800
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
640
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
400
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
490

Other Decks in Programming

See All in Programming
72a2082c6a4dd79ad68befb3db911616?s=48 mraible
PRO
2
920
E86b46be0f4e61db6b28becc5493bbab?s=48 januswel
0
1.1k
42a6a049ac8f5265f31858a9509217fb?s=48 uhooi
3
140
Ae7a5166a7b7776ffdd5676c2d6ab42f?s=48 aseiide
1
230
Ce7ab424f600bc83740be0716232d58a?s=48 takaakikakei
0
490
438799c739f93d00abc30fa2da33c543?s=48 rukiadia
2
300
119659c28d16f22d01eb48a6f3ee1391?s=48 iwatatomoya
0
3.2k
8a820699dff43e6b707a488b592e7a21?s=48 choplin
2
620
De4cef85165e8a063b5e40fe1f24daa4?s=48 cocoeyes02
1
1.1k
79fe3c13c618a61329298bdd6a86ec42?s=48 basthomas
0
110
3c9c5f9a91cac73073db8bb2903bd968?s=48 mamy1326
12
2.7k
A3fa7c92c26f1170762202d574c19e20?s=48 soh335
1
300

Featured

See All Featured
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
13
1k
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
149
12k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
960k
24fc194843a71f10949be18d5a692682?s=48 gr2m
86
11k
245cee81a9c424266e5e401d844ea881?s=48 lara
27
3.4k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
84
3.6k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
298
39k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
171
7.7k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
6
940
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
31
1.7k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
405
20k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
118
26k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12