Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
770
Asenkron PHP
hdogan
0
1.5k
PHP Senfoni Orkestrası: Composer
hdogan
1
410
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
870
PHP 101
hdogan
1
740
Web Uygulamalarında Güvenlik
hdogan
1
490
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
540
Other Decks in Programming
See All in Programming
Global Azure 2025 @ Kansai / Hyperlight
kosmosebi
0
120
読書シェア会 vol.4 『ダイナミックリチーミング 第2版』
kotaro666
0
110
Contribute to Comunities | React Tokyo Meetup #4 LT
sasagar
0
600
Vibe Coding の話をしよう
schroneko
14
3.7k
実践Webフロントパフォーマンスチューニング
cp20
45
10k
ComposeでのPicture in Picture
takathemax
0
130
サービスレベルを管理してアジャイルを加速しよう!! / slm-accelerate-agility
tomoyakitaura
1
200
KANNA Android の技術的課題と取り組み
watabee
0
190
Lambda(Python)の リファクタリングが好きなんです
komakichi
4
240
今話題のMCPサーバーをFastAPIでサッと作ってみた
yuukis
0
120
プロダクト横断分析に役立つ、事前集計しないサマリーテーブル設計
hanon52_
3
540
SwiftDataのカスタムデータストアを試してみた
1mash0
0
140
Featured
See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.7k
Adopting Sorbet at Scale
ufuk
76
9.3k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
23
2.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
Product Roadmaps are Hard
iamctodd
PRO
53
11k
The Pragmatic Product Professional
lauravandoore
33
6.6k
We Have a Design System, Now What?
morganepeng
52
7.6k
Build your cross-platform service in a week with App Engine
jlugia
230
18k
Building a Modern Day E-commerce SEO Strategy
aleyda
40
7.2k
Why You Should Never Use an ORM
jnunemaker
PRO
56
9.3k
The Straight Up "How To Draw Better" Workshop
denniskardys
233
140k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.8k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
kosmosebi
kotaro666
sasagar
schroneko
cp20
takathemax
tomoyakitaura
watabee
komakichi
yuukis
hanon52_
1mash0
tammyeverts
ufuk
eileencodes
caitiem20
iamctodd
lauravandoore
morganepeng
jlugia
aleyda
jnunemaker
denniskardys
geoffreycrofte
