PHP Security Notes (PHP Güvenlik Notları)
Hidayet Doğan
November 07, 2012
Programming
XVII. Türkiye'de İnternet Konferansı (17th Internet Conference in Turkey) - Anadolu Üniversitesi, Eskişehir
Transcript
PHP Security Notes
Friday, November 9, 12

PHP Security Notes
- Code Readability
- PHP Settings
- SQL Injection
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)

Code Readability

PHP Settings
Always:
- register_globals = Off
- allow_url_include, allow_url_fopen
- error_reporting, display_errors, log_errors

SQL Injection
SELECT * FROM tablo WHERE id = $id
- register_globals = Off
- mysql_real_escape_string, pg_escape_string, PDO
- filter_input, filter_var
- Typecasting: (integer) (boolean) (double) (float)
- addslashes = Not enough!

Cross-site Scripting (XSS)
include($dosya);
echo $kullanicidan_gelen_veri;
- register_globals = Off
- allow_url_include = Off
- basename, realpath, preg_match
- htmlspecialchars, htmlentities, strip_tags
Cross-site Request Forgery (CSRF)
<img src="http://adres.com/gonder.php?yorum=Örnek">
- Session-based verification keys (tokens)
- $_SERVER['HTTP_REFERER'] check
- Ajax: $_SERVER['HTTP_X_REQUESTED_WITH'] check
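The session-based token item above, worked through in PHP as an added example that is not part of the deck; it assumes PHP 7 or later (random_bytes, hash_equals), and the csrf_token field name and the gonder.php endpoint are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the deck. Assumes PHP >= 7.0 (random_bytes,
// hash_equals); the field name and gonder.php endpoint are constructed.
session_start();

/** Return this session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field to place in every state-changing form (output is escaped). */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// The token is the real control; the Referer check from the slide is only
// supplementary, because browsers and proxies may strip the header.
function csrf_check(array $post, array $server): bool
{
    // A cross-site <img src=...> is a GET and can never carry the token.
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $kept = $_SESSION['csrf_token'] ?? '';
    if ($kept === '' || !is_string($sent) || !hash_equals($kept, $sent)) {
        return false;
    }
    if (!empty($server['HTTP_REFERER'])) {           // only when present
        $refHost = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
        $ownHost = explode(':', $server['HTTP_HOST'] ?? '')[0];
        if ($refHost !== $ownHost) {
            return false;
        }
    }
    return true;
}

// gonder.php: refuse the request before touching $_POST['yorum'].
if (!csrf_check($_POST, $_SERVER)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
```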
Questions?

PHP and Web Security flashcards!

Thanks!
http://php.net/manual/tr/security.php
http://shiflett.org/php-security.pdf
http://hi.do
http://github.com/hdogan
Twitter: @hdogan