Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
750

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
150
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
740
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
320
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.5k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
790
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
610
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
390
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
480

Other Decks in Programming

See All in Programming
585b6bd646ae00cd1025309c912d922f?s=48 saten
1
170
3499a1d71fa70b8ee44816ca9e7329fe?s=48 bells17
0
360
Dcbf2269af2483cabf43128ad1718c11?s=48 grapecity_dev
0
170
27ec11888b9deb5c26ab4c85e97ec000?s=48 meemeelab
0
280
Ad2155c75c67c0100dd008ad10858de5?s=48 legalforce
PRO
0
610
4f349dbe1d48627445735f7e2c818c97?s=48 layzee
1
190
12c88a3a10478fa18d0363b3ba3d9df1?s=48 christianliebel
PRO
0
130
Fb469a72f1b12726aea391f479dc1b6d?s=48 gernotstarke
0
380
Fd15b843f17ce72dcec6a1c658082f8c?s=48 tetsukick
0
180
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
190
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
670
Af64bc38c0ffcfcabdf430759ee491ce?s=48 lovee
5
730

Featured

See All Featured
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
501
36k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
192
8.6k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
39
2.3k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
358
62k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
401
20k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
233
850k
11c84dff30266b907714802088852677?s=48 jasonvnalue
82
8.1k
245cee81a9c424266e5e401d844ea881?s=48 lara
590
61k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
302
31k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
103
5k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
119
16k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12