$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
430
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
ソフトウェア設計の課題・原則・実践技法
masuda220
PRO
24
20k
All(?) About Point Sets
hole
0
240
これだけで丸わかり!LangChain v1.0 アップデートまとめ
os1ma
6
1.2k
複数人でのCLI/Infrastructure as Codeの暮らしを良くする
shmokmt
5
2.1k
Socio-Technical Evolution: Growing an Architecture and Its Organization for Fast Flow
cer
PRO
0
200
GeistFabrik and AI-augmented software development
adewale
PRO
0
230
Querying Design System デザインシステムの意思決定を支える構造検索
ikumatadokoro
1
1.2k
2025 컴포즈 마법사
jisungbin
1
170
チーム開発の “地ならし"
konifar
8
6.8k
AI時代もSEOを頑張っている話
shirahama_x
0
210
JEP 496 と JEP 497 から学ぶ耐量子計算機暗号入門 / Learning Post-Quantum Crypto Basics from JEP 496 & 497
mackey0225
2
550
Media Capture and Streams: W3C仕様と現場での知見
nowaki28
0
120
Featured
See All Featured
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
1
70
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Stop Working from a Prison Cell
hatefulcrawdad
273
21k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
The Invisible Side of Design
smashingmag
302
51k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.8k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Typedesign – Prime Four
hannesfritz
42
2.9k
Building an army of robots
kneath
306
46k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
960
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
masuda220
hole
os1ma
shmokmt
cer
adewale
ikumatadokoro
.png){kind=avatar}
jisungbin
konifar
shirahama_x
mackey0225
nowaki28
tammyeverts
lynnandtonic
hatefulcrawdad
chrisshort
smashingmag
reverentgeek
tanoku
hannesfritz
kneath
jeffersonlam
pedronauck
