Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
810
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
Railsの気持ちを考えながらコントローラとビューを整頓する/tidying-rails-controllers-and-views-as-rails-think
moro
4
360
New in Go 1.26 Implementing go fix in product development
sunecosuri
0
110
CSC307 Lecture 14
javiergs
PRO
0
440
Beyond the Basics: Signal Forms
manfredsteyer
PRO
0
110
izumin5210のプロポーザルのネタ探し #tskaigi_msup
izumin5210
1
500
15年目のiOSアプリを1から作り直す技術
teakun
0
580
今、アーキテクトとして 品質保証にどう関わるか
nealle
0
200
Premier Disciplin for Micro Frontends Multi Version/ Framework Scenarios @OOP 2026, Munic
manfredsteyer
PRO
0
200
Agent Skills Workshop - AIへの頼み方を仕組み化する
gotalab555
13
7.5k
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
masahiro_nishimi
7
1.2k
エージェント開発初心者の僕が エージェントを作った話と今後やりたいこと
thasu0123
0
220
Go 1.26でのsliceのメモリアロケーション最適化 / Go 1.26 リリースパーティ #go126party
mazrean
1
320
Featured
See All Featured
Darren the Foodie - Storyboard
khoart
PRO
3
2.7k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Navigating Weather and Climate Data
rabernat
0
130
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.5k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
200
sira's awesome portfolio website redesign presentation
elsirapls
0
170
Into the Great Unknown - MozCon
thekraken
40
2.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.7k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
moro
sunecosuri
javiergs
manfredsteyer
izumin5210
teakun
nealle
gotalab555
masahiro_nishimi
thasu0123
mazrean
khoart
samlambert
rabernat
katarinadahlin
wjessup
pedronauck
axbom
elsirapls
thekraken
marktimemedia
sstephenson
ipullrank
