Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
790
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
500
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
AI Agent 時代的開發者生存指南
eddie
3
2k
Server Side Kotlin Meetup vol.16: 内部動作を理解して ハイパフォーマンスなサーバサイド Kotlin アプリケーションを書こう
ternbusty
3
220
Cursorハンズオン実践!
eltociear
2
1.1k
エンジニアインターン「Treasure」とHonoの2年、そして未来へ / Our Journey with Hono Two Years at Treasure and Beyond
carta_engineering
0
360
Things You Thought You Didn’t Need To Care About That Have a Big Impact On Your Job
hollycummins
0
240
テーブル定義書の構造化抽出して、生成AIでDWH分析を試してみた / devio2025tokyo
kasacchiful
0
210
Leading Effective Engineering Teams in the AI Era
addyosmani
7
500
AI駆動で0→1をやって見えた光と伸びしろ
passion0102
1
530
PHPに関数型の魂を宿す〜PHP 8.5 で実現する堅牢なコードとは〜 #phpcon_hiroshima / phpcon-hiroshima-2025
shogogg
1
290
大規模アプリのDIフレームワーク刷新戦略 ~過去最大規模の並行開発を止めずにアプリ全体に導入するまで~
mot_techtalk
1
470
Go Conference 2025: Goで体感するMultipath TCP ― Go 1.24 時代の MPTCP Listener を理解する
takehaya
9
1.7k
その面倒な作業、「Dart」にやらせませんか? Flutter開発者のための業務効率化
yordgenome03
1
130
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
140
7.1k
Speed Design
sergeychernyshev
32
1.2k
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
36
6.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Code Reviewing Like a Champion
maltzj
526
40k
Context Engineering - Making Every Token Count
addyosmani
7
270
Building a Modern Day E-commerce SEO Strategy
aleyda
44
7.8k
Mobile First: as difficult as doing things right
swwweet
225
10k
Done Done
chrislema
185
16k
How to Think Like a Performance Engineer
csswizardry
27
2.1k
Optimizing for Happiness
mojombo
379
70k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12