PHP Security Notes (PHP Güvenlik Notları)
17th Internet in Turkey Conference (XVII. Türkiye'de İnternet Konferansı) - Anadolu University, Eskişehir
Hidayet Doğan
November 07, 2012
Transcript
PHP Security Notes (PHP Güvenlik Notları) Friday, November 9, 12

Agenda:
- Code Readability
- PHP Settings
- SQL Injection
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)

Code Readability
PHP Settings
Always:
- register_globals = Off
- allow_url_include = Off, allow_url_fopen = Off
- error_reporting, display_errors, log_errors: report everything, log it, never display errors to the client
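As an added example (not part of the deck), a startup self-check for the settings on this slide. register_globals, allow_url_include and allow_url_fopen are system-level ini settings that cannot be changed with ini_set() from a script, so the best a front controller can do is read them with ini_get() and refuse to serve requests while they are weak. The php.ini lines in the header comment, the helper name and the PHP 7.0+ requirement are assumptions of this example.

```php
<?php
// Added example, not from the deck: refuse to run on a weak php.ini.
// Assumes PHP 7.0 or later. The expected php.ini lines, with the weak
// value's consequence in the comment:
//   register_globals  = Off   ; removed in PHP 5.4; On lets ?admin=1 define $admin
//   allow_url_include = Off   ; On lets include($x) load code over HTTP
//   allow_url_fopen   = Off   ; On lets fopen()/file_get_contents() reach remote URLs
//   display_errors    = Off   ; On leaks paths, queries and stack traces to the client
//   log_errors        = On    ; errors still reach error_log instead of vanishing
//   error_reporting   = E_ALL ; report everything; it is logged, not displayed
declare(strict_types=1);

/**
 * Return the settings whose live value is weaker than required, as
 * "name=current (expected ...)" strings. An empty array means all good.
 */
function php_hardening_violations(): array
{
    // ini_get() returns "1", "0", "", "On", "Off" ... for boolean settings,
    // and false for a setting this PHP build no longer knows (register_globals).
    $isOn = static function (string $name): bool {
        $v = strtolower((string) ini_get($name));
        return in_array($v, ['1', 'on', 'true', 'yes'], true);
    };

    $rules = [
        // setting            => must be On?
        'register_globals'   => false,
        'allow_url_include'  => false,
        'allow_url_fopen'    => false,
        'display_errors'     => false,
        'log_errors'         => true,
    ];

    $violations = [];
    foreach ($rules as $name => $expectedOn) {
        if ($isOn($name) !== $expectedOn) {
            $violations[] = sprintf(
                '%s=%s (expected %s)',
                $name,
                var_export(ini_get($name), true),
                $expectedOn ? 'On' : 'Off'
            );
        }
    }

    // error_reporting is a bitmask; every E_ALL bit must be set.
    if ((error_reporting() & E_ALL) !== E_ALL) {
        $violations[] = sprintf('error_reporting=%d (expected E_ALL=%d)', error_reporting(), E_ALL);
    }

    return $violations;
}

// Usage: call this from the front controller before handling any request.
// Details go to the error log only; the client sees a generic failure.
$problems = php_hardening_violations();
if ($problems !== []) {
    error_log('insecure php.ini: ' . implode('; ', $problems));
    fwrite(STDERR, "insecure php.ini:\n  " . implode("\n  ", $problems) . "\n");
    exit(1);
}
echo "php.ini hardening check passed\n";
```

Run from the command line this will usually report display_errors and allow_url_fopen, because the CLI SAPI defaults differ from a hardened web php.ini; that is the point of checking the live values rather than trusting the file you think is loaded.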
SQL Injection
  SELECT * FROM tablo WHERE id = $id
- register_globals = Off
- mysql_real_escape_string, pg_escape_string, PDO (prepared statements)
- filter_input, filter_var
- Typecasting: (integer) (boolean) (double) (float)
- addslashes = Not enough!
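As an added example (not part of the deck), the slide's query run the vulnerable way next to the fixes the slide names: typecasting, filter_var validation and a PDO prepared statement, plus an addslashes() version to show why it is not enough. It assumes PHP 7.0+ with the pdo_sqlite extension so that it runs offline; the table rows are constructed sample data and the function names are this example's own.

```php
<?php
// Added example, not from the deck. Assumes PHP 7.0+ and pdo_sqlite.
declare(strict_types=1);

/** Constructed sample table matching the slide's "tablo". */
function sample_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT, gizli INTEGER)');
    $db->exec("INSERT INTO tablo VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'admin', 1)");
    return $db;
}

// VULNERABLE: the slide's query with $id pasted into the SQL text.
// "1 OR 1=1" turns the WHERE clause into a tautology and returns the table.
function find_vulnerable(PDO $db, string $id): array
{
    $sql = "SELECT * FROM tablo WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// NOT ENOUGH: addslashes() only escapes quotes, and in an unquoted numeric
// context the payload needs none, so the query is unchanged.
function find_addslashes(PDO $db, string $id): array
{
    $sql = 'SELECT * FROM tablo WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIX 1: typecasting. (int) turns "1 OR 1=1" into 1; the SQL can only ever
// contain a number.
function find_typecast(PDO $db, string $id): array
{
    $sql = 'SELECT * FROM tablo WHERE id = ' . (int) $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIX 2: validate with filter_var() and reject anything that is not an
// integer instead of silently coercing it, then bind the value. Returns
// null for a malformed id so the caller can answer 400.
function find_validated(PDO $db, string $id): ?array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// FIX 3: a prepared statement on its own. The value never becomes part of
// the SQL text, which is what makes this work for string columns too, where
// casting is not an option.
function find_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = sample_db();
$attack = '1 OR 1=1'; // constructed attacker input for ?id=

printf("vulnerable:  %d rows\n", count(find_vulnerable($db, $attack)));
printf("addslashes:  %d rows\n", count(find_addslashes($db, $attack)));
printf("typecast:    %d rows\n", count(find_typecast($db, $attack)));
printf("validated:   %s\n", find_validated($db, $attack) === null ? 'rejected' : 'accepted');
printf("prepared:    %d rows\n", count(find_prepared($db, $attack)));
```

The addslashes() case shows the simplest reason it is not enough; the other is that it knows nothing about the connection's character set, so with a multibyte charset such as GBK a byte sequence can swallow the added backslash, which is the bypass mysql_real_escape_string() and prepared statements exist to close.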
Cross-site Scripting (XSS) (the slide also covers file inclusion)
  include($dosya);                  // dosya: file name
  echo $kullanicidan_gelen_veri;    // kullanicidan_gelen_veri: data from the user
- register_globals = Off
- allow_url_include = Off
- For include($dosya): basename, realpath, preg_match
- For echo: htmlspecialchars, htmlentities, strip_tags
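As an added example (not part of the deck), the two lines on the slide hardened with the functions it lists. include($dosya) is a file-inclusion problem (the attacker picks the path), so it gets basename, a preg_match whitelist and a realpath prefix check; echo $kullanicidan_gelen_veri is the XSS problem (the attacker picks the output), so it gets htmlspecialchars. It assumes PHP 7.1+; the temporary template directory, the helper names and the request values are constructed for the demonstration.

```php
<?php
// Added example, not from the deck. Assumes PHP 7.1+ (array destructuring in foreach).
declare(strict_types=1);

// ---- include($dosya): confine to one directory and a whitelist ----
// $templateDir is an assumption: a directory holding only files you wrote.
function resolve_template(string $templateDir, string $dosya): ?string
{
    // 1. basename() drops any directory part: "../../etc/passwd" -> "passwd",
    //    "http://evil.example/x.php" -> "x.php". Only a bare file name survives.
    $name = basename($dosya);

    // 2. Whitelist the characters and the extension rather than blacklisting.
    if (preg_match('/\A[a-z0-9_-]+\.php\z/', $name) !== 1) {
        return null;
    }

    // 3. realpath() resolves symlinks and "..", and returns false for a file
    //    that does not exist; the result must still sit under $templateDir.
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ---- echo $kullanicidan_gelen_veri: escape for the HTML body/attribute context ----
function e(string $s): string
{
    // ENT_QUOTES also escapes ', needed inside single-quoted attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Throwaway template directory so the script runs stand-alone.
$dir = sys_get_temp_dir() . '/tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/hello.php', '<p>Hi <?= e($name) ?></p>' . PHP_EOL);

// Constructed requests: [?dosya=..., user-supplied name].
$requests = [
    ['hello.php',                 '<script>alert(1)</script>'], // XSS payload in the data
    ['../../../../etc/passwd',    'x'],                         // path traversal attempt
    ['http://evil.example/x.php', 'x'],                         // remote include attempt
];

foreach ($requests as [$dosya, $kullanicidan_gelen_veri]) {
    $tpl = resolve_template($dir, $dosya);
    if ($tpl === null) {
        echo 'refused: ' . e($dosya) . "\n";
        continue;
    }
    $name = $kullanicidan_gelen_veri; // the template reaches it only through e()
    include $tpl;                      // $tpl is a path this script resolved itself
}

unlink($dir . '/hello.php');
rmdir($dir);
```

The template echoes the script tag as text because every user value passes through e(); strip_tags() and htmlentities() from the slide are alternatives for the output side, but only htmlspecialchars() with an explicit charset is the general-purpose one, since strip_tags() leaves attribute injection untouched when the value lands inside an existing tag.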
Cross-site Request Forgery (CSRF)
  <img src="http://adres.com/gonder.php?yorum=Örnek">   (gonder: send; yorum=Örnek: comment=Example)
- Session-based verification keys (tokens)
- Check $_SERVER['HTTP_REFERER']
- Ajax: check $_SERVER['HTTP_X_REQUESTED_WITH']
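As an added example (not part of the deck), the three defences on the slide in one request check: a per-session token compared with hash_equals(), a Referer check and an X-Requested-With check for Ajax. The session and request are passed in as plain arrays instead of $_SESSION and $_SERVER so that the script runs from the command line; the session key name, the helper names and the sample requests are this example's assumptions. It requires PHP 7.0+ for random_bytes() and hash_equals().

```php
<?php
// Added example, not from the deck. Assumes PHP 7.0+.
declare(strict_types=1);

const CSRF_KEY = 'csrf_token'; // session/form field name, an assumption

/** Create the session token once and return it for embedding in forms. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_KEY])) {
        $session[CSRF_KEY] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session[CSRF_KEY];
}

/** The hidden field to put inside every state-changing <form>. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="' . CSRF_KEY . '" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Decide whether a state-changing request may proceed. $request mirrors
 * what a handler would read from $_SERVER and $_POST.
 */
function csrf_check(array $session, array $request, string $siteHost): bool
{
    // The slide's <img src="...gonder.php?yorum=..."> works because the
    // action accepts GET. State changes are only accepted over POST.
    if (($request['method'] ?? 'GET') !== 'POST') {
        return false;
    }

    // 1. Token: must exist in the session and match byte for byte.
    //    hash_equals() keeps the comparison constant-time.
    $sent = $request['post'][CSRF_KEY] ?? '';
    $have = $session[CSRF_KEY] ?? '';
    if ($have === '' || !is_string($sent) || !hash_equals($have, $sent)) {
        return false;
    }

    // 2. Referer: when present it must name our own host. Browsers, proxies
    //    and privacy settings strip it, so its absence is not treated as an
    //    attack, but a foreign origin is.
    if (isset($request['referer'])) {
        if (parse_url($request['referer'], PHP_URL_HOST) !== $siteHost) {
            return false;
        }
    }

    // 3. Ajax: a cross-site <form> or <img> cannot add custom headers, so
    //    X-Requested-With marks a request sent by script. It says nothing
    //    about whose script, so the token above stays the primary check.
    if (isset($request['x_requested_with'])
        && $request['x_requested_with'] !== 'XMLHttpRequest') {
        return false;
    }

    return true;
}

// ---- constructed session and requests ----
$session = [];
$formField = csrf_field($session); // would be rendered into the legitimate page
$token = $session[CSRF_KEY];

$cases = [
    'legit form post'       => ['method' => 'POST', 'post' => [CSRF_KEY => $token],
                                'referer' => 'https://adres.com/yorum'],
    'img-tag GET'           => ['method' => 'GET',  'post' => []],
    'forged post, no token' => ['method' => 'POST', 'post' => ['yorum' => 'x'],
                                'referer' => 'https://evil.example/'],
    'forged post, bad token'=> ['method' => 'POST', 'post' => [CSRF_KEY => str_repeat('a', 64)]],
    'legit ajax'            => ['method' => 'POST', 'post' => [CSRF_KEY => $token],
                                'x_requested_with' => 'XMLHttpRequest'],
];
foreach ($cases as $label => $req) {
    printf("%-24s %s\n", $label, csrf_check($session, $req, 'adres.com') ? 'allowed' : 'blocked');
}
```

In a real handler the token would live in $_SESSION after session_start(), the method in $_SERVER['REQUEST_METHOD'] and the two headers in $_SERVER['HTTP_REFERER'] and $_SERVER['HTTP_X_REQUESTED_WITH'] as the slide names them; the token is the check that actually stops the attack, the other two are defence in depth.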
Questions?
PHP and Web Security flashcards!
Thanks! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan