PHP Security Notes
Hidayet Doğan
November 07, 2012
Programming
17th Internet Conference in Turkey (XVII. Türkiye'de İnternet Konferansı) - Anadolu University, Eskişehir
Transcript
PHP Security Notes
Friday, November 9, 12

PHP Security Notes
  Code Readability
  PHP Settings
  SQL Injection
  Cross-site Scripting (XSS)
  Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
  Always:
  register_globals = Off
  allow_url_include, allow_url_fopen
  error_reporting, display_errors, log_errors

SQL Injection
  SELECT * FROM tablo WHERE id = $id
  register_globals = Off
  mysql_real_escape_string, pg_escape_string, PDO
  filter_input, filter_var
  Typecasting (integer) (boolean) (double) (float)
  addslashes = Not sufficient!
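
The concatenated query from the SQL Injection slide next to a hardened form, as an added example that is not part of the original slides. It assumes PHP with the pdo_sqlite extension; the functions findUnsafe and findSafe, the column "ad" and the sample rows are hypothetical, and only the table name tablo comes from the slide.

```php
<?php
// Added example (not from the slides). Assumes PHP with the pdo_sqlite extension.
// Table name "tablo" follows the slide; rows and inputs are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'ali'), (2, 'ayse'), (3, 'mehmet')");

// The slide's pattern: the request value is concatenated into the SQL text,
// so the database parses it as SQL instead of treating it as data.
function findUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM tablo WHERE id = $id")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type first (filter_var), then bind the value as a
// parameter so it cannot change the structure of the statement.
function findSafe(PDO $pdo, string $id): array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and a value that is not a plain integer.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("%-10s unsafe=%d row(s)  safe=%d row(s)\n",
        "'$input'", count(findUnsafe($pdo, $input)), count(findSafe($pdo, $input)));
}

// The slide's "addslashes is not sufficient": in a numeric context there are no
// quotes to escape, so compare the value before and after addslashes.
var_dump(addslashes('2 OR 1=1') === '2 OR 1=1');
// Typecasting, also listed on the slide, reduces the same value to an integer.
var_dump((int) '2 OR 1=1');
```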

Cross-site Scripting (XSS)
  include($dosya);
  echo $kullanicidan_gelen_veri;
  register_globals = Off
  allow_url_include = Off
  basename, realpath, preg_match
  htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
  <img src="http://adres.com/gonder.php?yorum=Örnek">
  Session-based verification keys (tokens)
  $_SERVER['HTTP_REFERER'] check
  Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thanks!
  http://php.net/manual/tr/security.php
  http://shiflett.org/php-security.pdf
  http://hi.do
  http://github.com/hdogan
  Twitter @hdogan