Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
810
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
AWS Infrastructure as Code の新機能 2025 総まとめ ~ SA 4人による怒涛のデモ祭り ~
konokenj
8
2k
Geminiの機能を調べ尽くしてみた
naruyoshimi
0
180
Claude Code、ちょっとした工夫で開発体験が変わる
tigertora7571
0
180
Rails Girls Tokyo 18th GMO Pepabo Sponsor Talk
yutokyokutyo
0
170
今、アーキテクトとして 品質保証にどう関わるか
nealle
0
180
ご飯食べながらエージェントが開発できる。そう、Agentic Engineeringならね。
yokomachi
1
260
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
130
JPUG勉強会 OSSデータベースの内部構造を理解しよう
oga5
2
220
AI主導でFastAPIのWebサービスを作るときに 人間が構造化すべき境界線
okajun35
0
300
Package Management Learnings from Homebrew
mikemcquaid
0
280
Premier Disciplin for Micro Frontends Multi Version/ Framework Scenarios @OOP 2026, Munic
manfredsteyer
PRO
0
190
「やめとこ」がなくなった — 1月にZennを始めて22本書いた AI共創開発のリアル
atani14
0
290
Featured
See All Featured
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
310
Tell your own story through comics
letsgokoyo
1
820
SEO for Brand Visibility & Recognition
aleyda
0
4.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Practical Orchestrator
shlominoach
191
11k
Paper Plane (Part 1)
katiecoart
PRO
0
4.9k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
77
Faster Mobile Websites
deanohume
310
31k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.2k
HDC tutorial
michielstock
1
460
Mobile First: as difficult as doing things right
swwweet
225
10k
Test your architecture with Archunit
thirion
1
2.2k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
konokenj
naruyoshimi
tigertora7571
yutokyokutyo
nealle
yokomachi
tetutetu214
oga5
okajun35
mikemcquaid
manfredsteyer
atani14
jct
letsgokoyo
aleyda
cassininazir
shlominoach
katiecoart
davidcarrasco
deanohume
irinanazarova
michielstock
swwweet
thirion
