Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
組み合わせ爆発にのまれない - 責務分割 x テスト
halhorn
1
160
Java 25, Nuevas características
czelabueno
0
110
AIコーディングエージェント(Gemini)
kondai24
0
270
実は歴史的なアップデートだと思う AWS Interconnect - multicloud
maroon1st
0
260
Patterns of Patterns
denyspoltorak
0
310
ゆくKotlin くるRust
exoego
1
160
著者と進める!『AIと個人開発したくなったらまずCursorで要件定義だ!』
yasunacoffee
0
160
AIエンジニアリングのご紹介 / Introduction to AI Engineering
rkaga
8
3.3k
20251212 AI 時代的 Legacy Code 營救術 2025 WebConf
mouson
0
210
クラウドに依存しないS3を使った開発術
simesaba80
0
160
生成AI時代を勝ち抜くエンジニア組織マネジメント
coconala_engineer
0
650
Combinatorial Interview Problems with Backtracking Solutions - From Imperative Procedural Programming to Declarative Functional Programming - Part 2
philipschwarz
PRO
0
110
Featured
See All Featured
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.8k
Between Models and Reality
mayunak
0
150
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
70k
Design in an AI World
tapps
0
99
The Language of Interfaces
destraynor
162
25k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
170
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
286
14k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
ラッコキーワード サービス紹介資料
rakko
0
1.8M
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
halhorn
czelabueno
kondai24
maroon1st
denyspoltorak
exoego
yasunacoffee
rkaga
mouson
simesaba80
coconala_engineer
philipschwarz
garrettdimon
mayunak
pedronauck
soudai
tapps
destraynor
kevinliebholz
denniskardys
szymonslowik
stephaniewalter
rakko
