Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PHP Güvenlik Notları

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Hidayet Doğan Hidayet Doğan
November 07, 2012
Programming
0
1.3k

PHP Güvenlik Notları

XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir

Avatar for Hidayet Doğan

Hidayet Doğan

November 07, 2012
Tweet

More Decks by Hidayet Doğan

See All by Hidayet Doğan
Swoole ile Asenkron PHP
Avatar for Hidayet Doğan hdogan
0
800
Asenkron PHP
Avatar for Hidayet Doğan hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
Avatar for Hidayet Doğan hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
Avatar for Hidayet Doğan hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
Avatar for Hidayet Doğan hdogan
1
900
PHP 101
Avatar for Hidayet Doğan hdogan
1
760
Web Uygulamalarında Güvenlik
Avatar for Hidayet Doğan hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
Avatar for Hidayet Doğan hdogan
5
1.7k
İnsanlar için PHP
Avatar for Hidayet Doğan hdogan
0
560

Other Decks in Programming

See All in Programming
20260127_試行錯誤の結晶を1冊に。著者が解説 先輩データサイエンティストからの指南書 / author's_commentary_ds_instructions_guide
Avatar for nash_efp nash_efp
0
880
高速開発のためのコード整理術
Avatar for sutetotanuki sutetotanuki
1
380
Package Management Learnings from Homebrew
Avatar for Mike McQuaid mikemcquaid
0
200
ZJIT: The Ruby 4 JIT Compiler / Ruby Release 30th Anniversary Party
Avatar for Takashi Kokubun k0kubun
1
390
余白を設計しフロントエンド開発を 加速させる
Avatar for karacoro / からころ tsukuha
7
2.1k
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
Avatar for Kenta Suzuki kekekenta
0
200
Automatic Grammar Agreementと Markdown Extended Attributes
について
Avatar for Kishikawa Katsumi kishikawakatsumi
0
180
Honoを使ったリモートMCPサーバでAIツールとの連携を加速させる!
Avatar for とすり tosuri13
1
170
React 19でつくる「気持ちいいUI」- 楽観的UIのすすめ
Avatar for Hiroshi Morishige himorishige
11
5.9k
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
470
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
Avatar for Masahiro Nishimi masahiro_nishimi
3
270
OSSとなったswift-buildで Xcodeのビルドを差し替えられるため 自分でXcodeを直せる時代になっている ダイアモンド問題編
Avatar for yimajo yimajo
3
600

Featured

See All Featured
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
Avatar for Tech SEO Connect techseoconnect
PRO
0
100
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
180
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
580
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
1
1.3k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Agile Actions for Facilitating Distributed Teams - ADO2019
Avatar for Mark Kilby mkilby
0
110
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
50
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
61
52k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.7k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k

Transcript

  1. PHP Güvenlik Notları Friday, November 9, 12

  2. PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site

    Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12

  3. Kod Okunurluğu Friday, November 9, 12

  4. PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,

    display_errors, log_errors Friday, November 9, 12

  5. SQL Injection SELECT * FROM tablo WHERE id = $id

    register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12

  6. Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include

    = Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12

  7. Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar

    (token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12

  8. Sorular? Friday, November 9, 12

  9. PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12

  10. Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,

    12