PHP Güvenlik Notları Friday, November 9, 12 

PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12 

Kod Okunurluğu Friday, November 9, 12 

PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting, display_errors, log_errors Friday, November 9, 12 

SQL Injection SELECT * FROM tablo WHERE id = $id register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12 

Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12 

Cross-site Request Forgery (CSRF) Oturum bazlı doğrulayıcı anahtarlar (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12 

Sorular? Friday, November 9, 12 

PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12 

Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9, 12