PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
17th Internet Conference in Turkey (XVII. Türkiye'de İnternet Konferansı) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes
Friday, November 9, 12

PHP Security Notes
Code Readability
PHP Settings
SQL Injection
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
Always: register_globals = Off
allow_url_include, allow_url_fopen
error_reporting, display_errors, log_errors

SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough!
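
Added example (not part of the original slides): why addslashes does not protect the unquoted `WHERE id = $id` query above, next to the filter_var, typecasting and PDO options the slide lists. It assumes the pdo_sqlite extension; the in-memory database, the `ad` column, the sample input and the helper names `valid_id` and `find_row` are constructed for illustration.

```php
<?php
// Constructed in-memory table named after the slide's "tablo"; column "ad" is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Constructed input: not a number, and it contains no quote or backslash.
$raw = '1 OR 1=1';

// addslashes() escapes only ', ", \ and NUL, so this value comes back unchanged.
// Interpolated into the unquoted "WHERE id = $id" it would still change the
// meaning of the WHERE clause.
$unchanged = (addslashes($raw) === $raw);

// Typecasting coerces instead of rejecting: it keeps the leading digits only.
$cast = (int) $raw;

// filter_var() validates: it returns false unless the whole value is an integer.
// filter_input() applies the same filter directly to $_GET / $_POST values.
function valid_id($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// PDO prepared statement: the value is bound as data and never parsed as SQL.
function find_row(PDO $pdo, $raw): array
{
    $id = valid_id($raw);
    if ($id === null) {
        return []; // reject invalid input before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, ad FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump($unchanged);                    // addslashes left the input as-is
var_dump($cast);                         // coerced integer
var_dump(valid_id($raw));                // rejected by validation
var_dump(count(find_row($pdo, $raw)));   // rows returned for the invalid input
var_dump(count(find_row($pdo, '2')));    // rows returned for a valid id
```
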
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags

Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-based validator keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check

Questions?

PHP and Web Security flashcards!

Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter @hdogan