PHP Güvenlik Notları (PHP Security Notes)
Hidayet Doğan
November 07, 2012
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes
Friday, November 9, 12
PHP Security Notes (agenda):
Code Readability
PHP Settings
SQL Injection
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)
Code Readability
PHP Settings
Always: register_globals = Off
Review: allow_url_include, allow_url_fopen
Review: error_reporting, display_errors, log_errors
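The slide names the php.ini directives but only gives a value for register_globals. The following start-up self-check is an added example (not the speaker's code) that reads each directive with ini_get() and refuses to serve requests when one is in an unsafe state. The recommended values in the comment block are this example's production baseline, not something the slides state; register_globals and allow_url_include cannot be changed with ini_set(), so the script reports rather than repairs.

```php
<?php
declare(strict_types=1);

// Added example: audit the php.ini directives from the slide at start-up.
//
// Recommended php.ini values assumed by this check (production):
//   register_globals  = Off   ; removed in PHP 5.4, must be Off on anything older
//   allow_url_include = Off   ; include($url) must never work
//   allow_url_fopen   = Off   ; unless file_get_contents($url) is really needed
//   error_reporting   = E_ALL
//   display_errors    = Off   ; stack traces, paths and queries belong in the log
//   log_errors        = On

/** PHP boolean ini semantics: "", "0", "off", "false", "no" and a missing directive are off. */
function ini_on(string $name): bool
{
    $value = ini_get($name);
    if ($value === false) {            // directive does not exist in this PHP version
        return false;
    }
    $value = strtolower(trim((string) $value));
    return !in_array($value, ['', '0', 'off', 'false', 'no', 'none'], true);
}

/** Return a list of problems; an empty list means the settings match the baseline above. */
function php_settings_audit(): array
{
    $problems = [];

    if (ini_on('register_globals')) {
        $problems[] = 'register_globals must be Off';
    }
    if (ini_on('allow_url_include')) {
        $problems[] = 'allow_url_include must be Off';
    }
    if (ini_on('allow_url_fopen')) {
        $problems[] = 'allow_url_fopen is On: disable it unless remote wrappers are required';
    }
    // error_reporting is stored as an integer bitmask; require every bit of E_ALL.
    if (((int) ini_get('error_reporting') & E_ALL) !== E_ALL) {
        $problems[] = 'error_reporting should be E_ALL';
    }
    // display_errors may be "1", "On" or "stderr"; all of them expose details to the client.
    if (ini_on('display_errors')) {
        $problems[] = 'display_errors must be Off in production';
    }
    if (!ini_on('log_errors')) {
        $problems[] = 'log_errors must be On';
    }
    return $problems;
}

$problems = php_settings_audit();
if ($problems !== []) {
    // Fail closed: a misconfigured interpreter should not serve the application.
    if (PHP_SAPI !== 'cli') {
        http_response_code(500);
    }
    foreach ($problems as $problem) {
        error_log('php settings audit: ' . $problem);
    }
    exit(1);
}
```

Run it once per request from the front controller, or once from the CLI on deploy. A CLI run on a stock php.ini-development will typically flag display_errors, which is exactly the point: the development and production ini files differ in these directives.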
SQL Injection
SELECT * FROM tablo WHERE id = $id
register_globals = Off
mysql_real_escape_string, pg_escape_string, PDO (the mysql_* extension was removed in PHP 7.0; use PDO or mysqli prepared statements)
filter_input, filter_var
Typecasting: (integer) (boolean) (double) (float)
addslashes = Not enough!
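The slide's query puts $id into a numeric context, which is exactly where addslashes() has nothing to escape. The following is an added example (not the speaker's code) that runs the vulnerable query and the three fixes the slide lists side by side. The table tablo with columns kullanici and gizli, its two rows, and the attacker input are constructed; an in-memory SQLite database keeps it runnable offline.

```php
<?php
declare(strict_types=1);

// Added example: why addslashes() fails for "SELECT * FROM tablo WHERE id = $id",
// and the typecast / filter_var / PDO fixes from the slide.

function make_db(): PDO
{
    // Constructed schema and data.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tablo (id INTEGER PRIMARY KEY, kullanici TEXT, gizli TEXT)');
    $pdo->exec("INSERT INTO tablo VALUES (1, 'ali', 'gizli-1'), (2, 'ayse', 'gizli-2')");
    return $pdo;
}

/** Vulnerable: $id is unquoted in the SQL, so addslashes() has no quote to escape. */
function fetch_with_addslashes(PDO $pdo, string $id): array
{
    $sql = 'SELECT * FROM tablo WHERE id = ' . addslashes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Fix 1: typecast. (int) '1 OR 1=1' is 1; everything after the digits is discarded. */
function fetch_with_cast(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT * FROM tablo WHERE id = ' . (int) $id)->fetchAll(PDO::FETCH_ASSOC);
}

/** Fix 2: validate with filter_var and reject, rather than silently coerce, bad input. */
function fetch_with_filter_var(PDO $pdo, string $id): ?array
{
    $clean = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($clean === false) {
        return null; // caller should answer 400 Bad Request
    }
    return $pdo->query('SELECT * FROM tablo WHERE id = ' . $clean)->fetchAll(PDO::FETCH_ASSOC);
}

/** Fix 3: prepared statement. The value is bound as data and is never parsed as SQL. */
function fetch_with_pdo(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM tablo WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = make_db();
$id  = '1 OR 1=1'; // constructed attacker input, e.g. ?id=1+OR+1%3D1

printf("addslashes : %d row(s)\n", count(fetch_with_addslashes($pdo, $id)));
printf("(int) cast : %d row(s)\n", count(fetch_with_cast($pdo, $id)));
$filtered = fetch_with_filter_var($pdo, $id);
printf("filter_var : %s\n", $filtered === null ? 'rejected' : count($filtered) . ' row(s)');
printf("PDO bind   : %d row(s)\n", count(fetch_with_pdo($pdo, $id)));
```

In the addslashes() case the attacker's text reaches the parser unchanged and the injected OR widens the predicate to the whole table, including the gizli column. The cast and filter_var() variants confine the input to a single integer (or reject it), and the bound parameter is compared as a value, so the OR is never executed no matter how the database coerces the string. addslashes() is also unsafe in quoted context with multibyte connection charsets such as GBK, where the inserted backslash byte can be absorbed into a two-byte character; that is why mysql_real_escape_string()/pg_escape_string() are charset-aware and why binding parameters is the simpler rule to follow.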
Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
register_globals = Off
allow_url_include = Off
basename, realpath, preg_match
htmlspecialchars, htmlentities, strip_tags
(The include($dosya) line is a local/remote file-inclusion problem rather than XSS proper; basename, realpath and preg_match address it, while the three output functions address the echo. strip_tags alone does not make output safe inside an HTML attribute.)
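The slide lists two distinct bugs and two distinct sets of fixes. The following is an added example (not the speaker's code) that hardens include($dosya) with an allowlist plus basename()/realpath() checks, and escapes echo output with htmlspecialchars(), showing why strip_tags() is not enough in attribute context. The temporary template directory, its single home.php page, the page names and the payload string are all constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example: (a) file inclusion from user input, (b) output encoding for XSS.

// Constructed template directory so include() has a real, vetted target.
$templateDir = sys_get_temp_dir() . '/tpl_' . bin2hex(random_bytes(4));
mkdir($templateDir, 0700);
file_put_contents($templateDir . '/home.php', "<?php echo 'home page';\n");

/** Map a user-supplied page name to a file under $baseDir, or null if it is not allowed. */
function resolve_template(string $requested, string $baseDir): ?string
{
    // Allowlist first: short, lowercase alphanumeric names only. This rejects "../",
    // "http://", ".php" suffixes and NUL bytes before any filesystem call sees them.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $requested) || $requested !== basename($requested)) {
        return null;
    }
    // realpath() resolves symlinks and "..": confirm the result is still inside $baseDir.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

/** HTML-escape for element content and double-quoted attribute values. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// (a) include($dosya): constructed page names an attacker might send.
foreach (['home', '../../../etc/passwd', 'http://attacker.example/shell.txt', 'home.php'] as $dosya) {
    $path = resolve_template($dosya, $templateDir);
    if ($path === null) {
        echo 'reject  ' . json_encode($dosya) . "\n";
        continue;
    }
    echo "include $path -> ";
    include $path; // only ever a file that resolve_template() vetted
    echo "\n";
}

// (b) echo $kullanicidan_gelen_veri: a payload with no tags at all (constructed).
$kullanicidan_gelen_veri = '" onfocus="alert(document.cookie)" autofocus="';

// strip_tags() removes nothing here, so the attribute boundary is still broken.
echo '<input value="' . strip_tags($kullanicidan_gelen_veri) . '">' . "\n";
// htmlspecialchars() turns the quotes into &quot; and the value stays a value.
echo '<input value="' . e($kullanicidan_gelen_veri) . '">' . "\n";

unlink($templateDir . '/home.php');
rmdir($templateDir);
```

Only the literal name home survives resolve_template(); the traversal, the remote URL and the explicit .php suffix are rejected by the allowlist before realpath() runs. With allow_url_include = Off the URL case would fail anyway, but the allowlist is what keeps include() from ever being handed an attacker-chosen path. For output, pick the encoder by context: htmlspecialchars() with ENT_QUOTES and an explicit charset for HTML text and attributes, and treat strip_tags() as a content filter, not an XSS defence.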
Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
Session-bound verification keys (tokens)
$_SERVER['HTTP_REFERER'] check
Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
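The <img> example works because gonder.php changes state on a plain GET that the victim's browser sends with the victim's cookies. The following is an added example (not the speaker's code) implementing the session-bound token the slide recommends, with the Referer and X-Requested-With checks as secondary signals. The session, POST and server arrays are constructed stand-ins for $_SESSION, $_POST and $_SERVER; adres.com and attacker.example are placeholder hosts; random_bytes() and hash_equals() require PHP 7, later than the 2012 deck.

```php
<?php
declare(strict_types=1);

// Added example: session-bound CSRF token plus Referer / X-Requested-With checks.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (!isset($session['csrf_token']) || !is_string($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256 random bits
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in every state-changing form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

/** True only for a POST that carries the token stored in this session. */
function csrf_verify(array $session, array $post, array $server): bool
{
    // Never change state on GET: that is what makes the slide's <img src=...> attack work.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? null;
    $given    = $post['csrf_token'] ?? null;
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

/** Secondary check: Referer host is ours. A missing Referer counts as a failure. */
function referer_ok(array $server, string $expectedHost): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/** Secondary check for Ajax endpoints: a cross-site form or <img> cannot set custom headers. */
function xhr_ok(array $server): bool
{
    return ($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest';
}

// --- constructed walk-through -------------------------------------------------
$session = [];                                   // stands in for $_SESSION
$form = '<form method="post" action="/gonder.php">' . csrf_field($session) . '</form>';
echo $form, "\n";

// 1) The slide's attack: <img src="http://adres.com/gonder.php?yorum=Örnek"> (GET, no token).
$forgedGet = ['REQUEST_METHOD' => 'GET', 'HTTP_REFERER' => 'http://attacker.example/'];
var_dump(csrf_verify($session, ['yorum' => 'Örnek'], $forgedGet));

// 2) An auto-submitting form on the attacker's page: POST, but a guessed token and foreign Referer.
$forgedPost = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://attacker.example/'];
var_dump(csrf_verify($session, ['yorum' => 'Örnek', 'csrf_token' => 'guess'], $forgedPost));
var_dump(referer_ok($forgedPost, 'adres.com'));

// 3) A legitimate submission of our own form.
$legit = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://adres.com/yorum.php',
          'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$post  = ['yorum' => 'Örnek', 'csrf_token' => $session['csrf_token']];
var_dump(csrf_verify($session, $post, $legit));
var_dump(referer_ok($legit, 'adres.com'));
var_dump(xhr_ok($legit));
```

The token check is the control that decides; the other two are defence in depth. Browsers and privacy settings frequently omit the Referer header (Referrer-Policy, HTTPS to HTTP transitions, some proxies), so a strict Referer check breaks legitimate users if it is the only gate. The X-Requested-With check holds because a cross-origin request cannot carry a custom header without a CORS preflight the server would not approve; it protects Ajax endpoints but says nothing about ordinary form posts, which still need the token.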
Questions?
PHP and Web Security flash cards!
Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter @hdogan