Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
770
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
410
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
870
PHP 101
hdogan
1
730
Web Uygulamalarında Güvenlik
hdogan
1
490
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
The Weight of Data: Rethinking Cloud-Native Systems for the Age of AI
hollycummins
0
270
AWS で実現する 安全な AI エージェントの作り方 〜 Bedrock Engineer の実装例を添えて 〜 / how-to-build-secure-ai-agents
gawa
8
710
Being an ethical software engineer
xgouchet
PRO
0
210
リアクティブシステムの変遷から理解するalien-signals / Learning alien-signals from the evolution of reactive systems
yamanoku
3
1.2k
PHPのガベージコレクションを深掘りしよう
rinchoku
0
260
プロダクト横断分析に役立つ、事前集計しないサマリーテーブル設計
hanon52_
2
390
Devinのメモリ活用の学びを自社サービスにどう組み込むか?
itarutomy
0
2.1k
Building Scalable Mobile Projects: Fast Builds, High Reusability and Clear Ownership
cyrilmottier
2
260
Building a macOS screen saver with Kotlin (Android Makers 2025)
zsmb
1
140
S3静的ホスティング+Next.js静的エクスポート で格安webアプリ構築
iharuoru
0
220
DomainException と Result 型で作る型安全なエラーハンドリング
karszawa
0
890
国漢文混用体からHolloまで
minhee
1
170
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
54
5.4k
BBQ
matthewcrist
88
9.6k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.5k
Become a Pro
speakerdeck
PRO
27
5.3k
The World Runs on Bad Software
bkeepers
PRO
67
11k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
650
Site-Speed That Sticks
csswizardry
5
480
Into the Great Unknown - MozCon
thekraken
37
1.7k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
hollycummins
gawa
xgouchet
yamanoku
rinchoku
hanon52_
itarutomy
cyrilmottier
zsmb
iharuoru
karszawa
minhee
palkan
matthewcrist
paulrobertlloyd
speakerdeck
bkeepers
eileencodes
keavy
sstephenson
rocio
irinanazarova
csswizardry
thekraken
