Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
810
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
520
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
How to stabilize UI tests using XCTest
akkeylab
0
130
モダンOBSプラグイン開発
umireon
0
140
モックわからないマン卒業記 ~振る舞いを起点に見直した、フロントエンドテストにおけるモックの使いどころ~
tasukuwatanabe
2
380
AHC061解説
shun_pi
0
380
Goの型安全性で実現する複数プロダクトの権限管理
ishikawa_pro
2
360
ふつうの Rubyist、ちいさなデバイス、大きな一年
bash0c7
0
960
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
maroon8021
3
970
Fundamentals of Software Engineering In the Age of AI
therealdanvega
1
260
2026年は Rust 置き換えが流行る! / 20260220-niigata-5min-tech
girigiribauer
0
240
API Platformを活用したPHPによる本格的なWeb API開発 / api-platform-book-intro
ttskch
1
140
モジュラモノリスにおける境界をGoのinternalパッケージで守る
magavel
0
3.6k
ロボットのための工場に灯りは要らない
watany
10
2.9k
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
Code Reviewing Like a Champion
maltzj
528
40k
Music & Morning Musume
bryan
47
7.1k
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.1k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.1k
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
320
For a Future-Friendly Web
brad_frost
183
10k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.2k
Building an army of robots
kneath
306
46k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
180
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
akkeylab
umireon
tasukuwatanabe
shun_pi
ishikawa_pro
bash0c7
maroon8021
therealdanvega
girigiribauer
ttskch
magavel
watany
nonsquared
bluesmoon
maltzj
bryan
charlesmeaden
inesmontani
jct
brad_frost
kastner
kneath
dugsong
rmw
