Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
790
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.3k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
740
Web Uygulamalarında Güvenlik
hdogan
1
500
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
550
Other Decks in Programming
See All in Programming
FindyにおけるTakumi活用と脆弱性管理のこれから
rvirus0817
0
320
Langfuseと歩む生成AI活用推進
licux
3
320
RDoc meets YARD
okuramasafumi
4
160
Microsoft Orleans, Daprのアクターモデルを使い効率的に開発、デプロイを行うためのSekibanの試行錯誤 / Sekiban: Exploring Efficient Development and Deployment with Microsoft Orleans and Dapr Actor Models
tomohisa
0
220
🔨 小さなビルドシステムを作る
momeemt
2
630
複雑なドメインに挑む.pdf
yukisakai1225
4
860
Updates on MLS on Ruby (and maybe more)
sylph01
1
170
Processing Gem ベースの、2D レトロゲームエンジンの開発
tokujiros
2
120
Google I/O recap web編 大分Web祭り2025
kponda
0
2.9k
速いWebフレームワークを作る
yusukebe
3
1.2k
Trem on Rails - Prompt Engineering com Ruby
elainenaomi
1
100
OSS開発者という働き方
andpad
5
1.6k
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
Facilitating Awesome Meetings
lara
55
6.5k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Docker and Python
trallard
45
3.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Fireside Chat
paigeccino
39
3.6k
What's in a price? How to price your products and services
michaelherold
246
12k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
rvirus0817
licux
okuramasafumi
tomohisa
momeemt
yukisakai1225
sylph01
tokujiros
kponda
yusukebe
elainenaomi
andpad
eileencodes
lara
bkeepers
sergeychernyshev
sstephenson
trallard
keithpitt
tammyeverts
samanthasiow
paigeccino
michaelherold
samlambert
