PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
Programming
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes Friday, November 9, 12
PHP Security Notes
- Code Readability
- PHP Settings
- SQL Injection
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
Code Readability
PHP Settings
Always:
- register_globals = Off
- allow_url_include, allow_url_fopen
- error_reporting, display_errors, log_errors
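The slide only names the directives. As an added example (not code from the deck or its author), the script below audits the running PHP configuration against a hardened baseline for exactly those directives; which values count as "hardened" is this example's assumption, and the CLI invocation is illustrative.

```php
<?php
// Added example, not from the original deck: audit the php.ini directives the
// slide lists against a hardened baseline. Run from the CLI: php audit.php
// The expected values are this example's assumption of "hardened"; the deck
// itself only names the directives.
declare(strict_types=1);

/**
 * Boolean value of an ini directive. "0", "", "Off" and a directive that does
 * not exist in this build (e.g. register_globals, removed in PHP 5.4) are false.
 */
function ini_bool(string $name): bool
{
    $raw = ini_get($name);
    if ($raw === false || $raw === '') {
        return false;
    }
    $parsed = filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    // Unrecognised non-empty values (e.g. display_errors=stderr) still enable the feature.
    return $parsed ?? true;
}

/**
 * Compare the running configuration with the hardened baseline.
 * Returns a list of findings; an empty list means every check passed.
 */
function audit_php_settings(bool $production = true): array
{
    $findings = [];

    // register_globals must be Off: request data would land in global scope.
    if (ini_bool('register_globals')) {
        $findings[] = 'register_globals is On: request parameters become global variables';
    }
    // include()/require() of remote URLs (remote file inclusion).
    if (ini_bool('allow_url_include')) {
        $findings[] = 'allow_url_include is On: include()/require() accept remote URLs';
    }
    // Remote fopen() wrappers; rarely needed by web request handlers.
    if (ini_bool('allow_url_fopen')) {
        $findings[] = 'allow_url_fopen is On: fopen()/file_get_contents() accept remote URLs';
    }
    // Errors must be logged, never shown to visitors in production.
    if ($production && ini_bool('display_errors')) {
        $findings[] = 'display_errors is On: paths and stack traces leak to the client';
    }
    if (!ini_bool('log_errors')) {
        $findings[] = 'log_errors is Off: errors are neither shown nor recorded';
    }
    // error_reporting = 0 hides failures instead of logging them.
    if ((int) ini_get('error_reporting') === 0) {
        $findings[] = 'error_reporting is 0: failures are silenced';
    }

    return $findings;
}

$findings = audit_php_settings();
if ($findings === []) {
    echo "All checked settings are hardened.\n";
    exit(0);
}
foreach ($findings as $f) {
    echo "FINDING: $f\n";
}
exit(1);
```

The exit code makes the script usable as a deployment gate; note that register_globals and allow_url_include are PHP_INI_SYSTEM / PHP_INI_PERDIR directives, so they can only be corrected in php.ini or the server configuration, not with ini_set() at runtime.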
SQL Injection
- SELECT * FROM tablo WHERE id = $id
- register_globals = Off
- mysql_real_escape_string, pg_escape_string, PDO
- filter_input, filter_var
- Typecasting: (integer) (boolean) (double) (float)
- addslashes = Not enough!
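The slide's query, beside three of the defences it lists, as an added example that is not part of the deck. It uses an in-memory SQLite database through PDO (assumes the pdo_sqlite extension) so it runs offline; the table contents and the sample input are constructed for the example.

```php
<?php
// Added example, not from the original deck. Shows the slide's vulnerable
// query next to typecasting, filter_var() and a PDO prepared statement.
// Assumes the pdo_sqlite extension; run with: php sqli.php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, ad TEXT)');
$pdo->exec("INSERT INTO tablo (id, ad) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// --- Vulnerable: the slide's query with $id interpolated into the SQL text.
// addslashes() would not help: $id is not inside quotes, so an input such as
// "1 OR 1=1" contains nothing for addslashes() to escape.
function fetch_vulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM tablo WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened 1: typecast. (int) "1 OR 1=1" is 1, so only the numeric prefix survives.
function fetch_typecast(PDO $pdo, string $id): array
{
    $safeId = (int) $id;
    return $pdo->query("SELECT * FROM tablo WHERE id = $safeId")->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened 2: validate with filter_var() and reject anything that is not a positive int.
function fetch_filtered(PDO $pdo, string $id): array
{
    $safeId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($safeId === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $pdo->query("SELECT * FROM tablo WHERE id = $safeId")->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened 3: PDO prepared statement; the value is bound, never part of the SQL text.
function fetch_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 OR 1=1';   // constructed sample input, as it might arrive in ?id=...
printf("vulnerable : %d row(s)\n", count(fetch_vulnerable($pdo, $input)));  // all 3 rows
printf("typecast   : %d row(s)\n", count(fetch_typecast($pdo, $input)));    // 1 row
printf("prepared   : %d row(s)\n", count(fetch_prepared($pdo, $input)));    // 0 rows
try {
    fetch_filtered($pdo, $input);
} catch (InvalidArgumentException $e) {
    echo "filtered   : rejected (" . $e->getMessage() . ")\n";
}
```

Of the three defences, the prepared statement is the one that works for string columns as well; typecasting and FILTER_VALIDATE_INT only cover numeric parameters, which is why the slide lists the escaping functions and PDO alongside them.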
Cross-site Scripting (XSS)
- include($dosya); echo $kullanicidan_gelen_veri;
- register_globals = Off
- allow_url_include = Off
- basename, realpath, preg_match
- htmlspecialchars, htmlentities, strip_tags
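As an added example (not from the deck), the two snippets on the slide hardened with the functions it names: include($dosya) restricted to a fixed directory through basename(), preg_match() and realpath(), and echo $kullanicidan_gelen_veri passed through htmlspecialchars(). The templates/ directory, the file name and the sample inputs are constructed for the example.

```php
<?php
// Added example, not from the original deck. Hardens the slide's two snippets:
// a user-controlled include() limited to one directory, and output encoding
// before echo. The templates/ directory and sample inputs are constructed.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates';   // assumed template location

/**
 * Resolve a user-supplied template name to a file inside TEMPLATE_DIR, or
 * return null if any check fails. The raw value is never passed to include().
 */
function resolve_template(string $dosya): ?string
{
    // 1. Drop any directory component: "../../etc/passwd" becomes "passwd".
    $name = basename($dosya);
    // 2. Allow only a conservative character set and a fixed extension.
    if (preg_match('/\A[a-z0-9_-]{1,64}\.php\z/', $name) !== 1) {
        return null;
    }
    // 3. Resolve symlinks and confirm the result still lies under TEMPLATE_DIR.
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

/** Encode untrusted text for an HTML body or a double-quoted attribute. */
function e(string $kullanicidan_gelen_veri): string
{
    return htmlspecialchars($kullanicidan_gelen_veri, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Create a throwaway template so the example runs stand-alone.
if (!is_dir(TEMPLATE_DIR)) {
    mkdir(TEMPLATE_DIR);
}
file_put_contents(TEMPLATE_DIR . '/home.php', "<p>home template</p>\n");

// Constructed inputs: one legitimate name, a traversal attempt, a remote URL.
foreach (['home.php', '../../etc/passwd', 'http://adres.com/x.php'] as $dosya) {
    $path = resolve_template($dosya);
    printf("%-25s -> %s\n", $dosya, $path === null ? 'rejected' : 'include ' . basename($path));
}

// Output encoding: markup in the input reaches the browser as text, not as tags.
$comment = '<b>bold</b> "quoted" & <i>x</i>';
echo '<p>' . e($comment) . "</p>\n";
// <p>&lt;b&gt;bold&lt;/b&gt; &quot;quoted&quot; &amp; &lt;i&gt;x&lt;/i&gt;</p>
```

Only home.php resolves; the remote URL is rejected because basename() reduces it to x.php, which does not exist under templates/, and it would be refused anyway once allow_url_include is Off as the slide requires. htmlspecialchars() is sufficient for HTML body and attribute contexts; text placed inside a script block or a URL needs a context-specific encoder instead.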
Cross-site Request Forgery (CSRF)
- <img src="http://adres.com/gonder.php?yorum=Örnek">
- Session-based verification keys (tokens)
- Check $_SERVER['HTTP_REFERER']
- Ajax: check $_SERVER['HTTP_X_REQUESTED_WITH']
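The three checks on the slide implemented together, as an added example that is not code from the deck: a per-session token verified with hash_equals(), the Referer check (extended here with the Origin header, which the slide does not mention), and the X-Requested-With header for Ajax endpoints. Session storage is passed in as an array so the script runs from the CLI; in a web application that array is $_SESSION. The host name adres.com is taken from the slide; the form field name and the sample requests are constructed. hash_equals() needs PHP 5.6 and random_bytes() PHP 7, both newer than the deck.

```php
<?php
// Added example, not from the original deck. Token, Referer/Origin and
// X-Requested-With checks for state-changing requests. $session stands in
// for $_SESSION, $server for $_SERVER and $post for $_POST so it runs on the CLI.
declare(strict_types=1);

const SITE_HOST = 'adres.com';   // application host, from the slide's example URL

/** Create the token once per session and reuse it afterwards. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden field to place inside every state-changing form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Verify a state-changing request. Returns null when it is accepted,
 * otherwise the reason for rejecting it.
 */
function csrf_verify(array &$session, array $server, array $post, bool $ajaxEndpoint = false): ?string
{
    // An <img src=...> fetch is a GET; state changes must be POST.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'state-changing request must be POST';
    }
    // Session token must match the submitted one (constant-time comparison).
    $expected = $session['csrf_token'] ?? '';
    $given    = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return 'missing or invalid CSRF token';
    }
    // Origin (preferred) or Referer (as on the slide) must name our own host.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if (parse_url($source, PHP_URL_HOST) !== SITE_HOST) {
        return 'request did not originate from ' . SITE_HOST;
    }
    // A cross-site form or image tag cannot add this custom header.
    if ($ajaxEndpoint && ($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return 'Ajax endpoint called without X-Requested-With header';
    }
    return null;
}

$session = [];                     // stands in for $_SESSION
echo csrf_field($session), "\n";   // what the form would contain

// Constructed request 1: the slide's image-tag request, a GET with no token.
$r1 = csrf_verify($session,
    ['REQUEST_METHOD' => 'GET', 'HTTP_REFERER' => 'http://other.example/page'], []);
// Constructed request 2: a legitimate form post from our own page.
$r2 = csrf_verify($session,
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://adres.com/form.php'],
    ['csrf_token' => $session['csrf_token'], 'yorum' => 'Örnek']);
// Constructed request 3: an Ajax endpoint reached by a plain form post, which cannot set the header.
$r3 = csrf_verify($session,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://adres.com'],
    ['csrf_token' => $session['csrf_token']], true);

foreach (['image tag' => $r1, 'own form' => $r2, 'ajax without header' => $r3] as $label => $result) {
    printf("%-20s: %s\n", $label, $result ?? 'accepted');
}
```

Only the second request is accepted. The Referer check is the weakest of the three because browsers and proxies sometimes strip the header; treating an absent Referer as a rejection (as this code does) keeps the check fail-closed, at the cost of refusing some legitimate clients, which is why the session token remains the primary control.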
Questions?
PHP and Web Security flashcards!
Thanks! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan