Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.2k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
720
Asenkron PHP
hdogan
0
1.4k
PHP Senfoni Orkestrası: Composer
hdogan
1
400
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.2k
CakePHP ile Pasta Pişirmek
hdogan
1
860
PHP 101
hdogan
1
720
Web Uygulamalarında Güvenlik
hdogan
1
480
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
930
Macとオーディオ再生 2024/11/02
yusukeito
0
370
RubyLSPのマルチバイト文字対応
notfounds
0
120
Contemporary Test Cases
maaretp
0
140
役立つログに取り組もう
irof
28
9.6k
Remix on Hono on Cloudflare Workers
yusukebe
1
300
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
480
Amazon Qを使ってIaCを触ろう!
maruto
0
410
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
1
100
Micro Frontends Unmasked Opportunities, Challenges, Alternatives
manfredsteyer
PRO
0
110
Featured
See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Docker and Python
trallard
40
3.1k
Unsuck your backbone
ammeep
668
57k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
6.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Building Adaptive Systems
keathley
38
2.3k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Adopting Sorbet at Scale
ufuk
73
9.1k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Navigating Team Friction
lara
183
14k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
kohecchi
yusukeito
notfounds
maaretp
irof
yusukebe
ysk8hori
satoshi7190
maruto
biacco42
manfredsteyer
mraible
bcantrill
trallard
ammeep
aleyda
chriscoyier
tammyeverts
keathley
ufuk
garrettdimon
lara
