Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.2k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
730
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
400
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.2k
CakePHP ile Pasta Pişirmek
hdogan
1
860
PHP 101
hdogan
1
720
Web Uygulamalarında Güvenlik
hdogan
1
480
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
Recoilを剥がしている話
kirik
5
6.6k
선언형 UI에서의 상태관리
l2hyunwoo
0
140
Асинхронность неизбежна: как мы проектировали сервис уведомлений
lamodatech
0
660
今年一番支援させていただいたのは認証系サービスでした
satoshi256kbyte
1
250
The Efficiency Paradox and How to Save Yourself and the World
hollycummins
1
440
rails statsで大解剖 🔍 “B/43流” のRailsの育て方を歴史とともに振り返ります
shoheimitani
2
930
103 Early Hints
sugi_0000
1
220
RWC 2024 DICOM & ISO/IEC 2022
m_seki
0
200
htmxって知っていますか?次世代のHTML
hiro_ghap1
0
330
Cloudflare MCP ServerでClaude Desktop からWeb APIを構築
kutakutat
1
530
Security_for_introducing_eBPF
kentatada
0
110
フロントエンドのディレクトリ構成どうしてる? Feature-Sliced Design 導入体験談
osakatechlab
8
4.1k
Featured
See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Fireside Chat
paigeccino
34
3.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
The Language of Interfaces
destraynor
154
24k
Building Adaptive Systems
keathley
38
2.3k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
What's in a price? How to price your products and services
michaelherold
243
12k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
kirik
l2hyunwoo
lamodatech
satoshi256kbyte
hollycummins
shoheimitani
sugi_0000
m_seki
hiro_ghap1
kutakutat
kentatada
osakatechlab
zakiyama
paigeccino
tammyeverts
dougneiner
destraynor
keathley
jlugia
bkeepers
keavy
lynnandtonic
kastner
michaelherold
