PHP Güvenlik Notları

D55de538259751cc08d16a0843e1c69f?s=47 Hidayet Doğan
November 07, 2012
Programming
0
740

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

D55de538259751cc08d16a0843e1c69f?s=128

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
580
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
310
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
4
3.2k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
780
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
600
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
1
380
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
5
1.6k
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
0
470
D55de538259751cc08d16a0843e1c69f?s=48 hdogan
2
1.8k

Other Decks in Programming

See All in Programming
Bf3acef686273e03fa4fdf125fdad3e9?s=48 kuncevic
0
100
40301c0affdf359eaca771713e22b71a?s=48 harshbothra
0
790
80a3a3857a55f154d23acb705eff72cc?s=48 star_zero
3
130
C2b1ef3acdb04779e73749a49b5495f9?s=48 nishiuchikazuma
1
260
5a065e7ea7c56f4b04c2271771688df3?s=48 raykataoka
34
18k
9ae4f3862d4cb0771cfd36e43252f755?s=48 kurotanshi
0
220
Dee9a95c0e5483692c54cc5e60e8b09e?s=48 yusuke57
0
230
0d91e4e792fb936633033b38e57f28c8?s=48 tombo
2
290
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
2
210
A87027204ff57be1dadbf36a78a73c1b?s=48 oboenikui
3
1.2k
5fc8ab822e946a8ddfa46ba15a848392?s=48 fuqda
1
120
A093c82d1ffb09f8a023c757ffa7419d?s=48 yuzujoe
2
190

Featured

See All Featured
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
420
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
581
190k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1020
350k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
281
46k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
189
17k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
119
15k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
101
14k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
55
5.3k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
104
10k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
2
160
78b475797a14c84799063c7cd073962f?s=48 holman
458
270k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12