Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
まだ間に合う!Claude Code元年をふりかえる
nogu66
5
930
Python札幌 LT資料
t3tra
7
1.1k
Findy AI+の開発、運用におけるMCP活用事例
starfish719
0
2.1k
疑似コードによるプロンプト記述、どのくらい正確に実行される?
kokuyouwind
0
180
CSC307 Lecture 01
javiergs
PRO
0
670
從冷知識到漏洞,你不懂的 Web,駭客懂 - Huli @ WebConf Taiwan 2025
aszx87410
2
3.3k
チームをチームにするEM
hitode909
0
450
生成AI時代を勝ち抜くエンジニア組織マネジメント
coconala_engineer
0
39k
LLMで複雑な検索条件アセットから脱却する!! 生成的検索インタフェースの設計論
po3rin
4
1.1k
それ、本当に安全? ファイルアップロードで見落としがちなセキュリティリスクと対策
penpeen
7
2.1k
TerraformとStrands AgentsでAmazon Bedrock AgentCoreのSSO認証付きエージェントを量産しよう!
neruneruo
4
2.4k
[AtCoder Conference 2025] LLMを使った業務AHCの上⼿な解き⽅
terryu16
6
1k
Featured
See All Featured
Exploring anti-patterns in Rails
aemeredith
2
220
Are puppies a ranking factor?
jonoalderson
0
2.6k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
210
Optimizing for Happiness
mojombo
379
70k
Six Lessons from altMBA
skipperchong
29
4.1k
Code Reviewing Like a Champion
maltzj
527
40k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
78
What's in a price? How to price your products and services
michaelherold
246
13k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Practical Orchestrator
shlominoach
190
11k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
51
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
nogu66
t3tra
starfish719
kokuyouwind
javiergs
aszx87410
hitode909
coconala_engineer
po3rin
penpeen
neruneruo
terryu16
aemeredith
jonoalderson
jeffersonlam
greggifford
mojombo
skipperchong
maltzj
.png){kind=avatar}
helenjbeal
michaelherold
denniskardys
shlominoach
tmiket
