Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
1.3k
0
Share
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
820
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
530
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
開発とはなにか、Essenceカーネルで見えるもの
ukin0k0
0
150
Augmenting AI with the Power of Jakarta EE
ivargrimstad
0
380
SkillsをS3 Filesに置く時のあれこれ
watany
3
1.5k
UaaL×Androidアプリのメモリ計測 — Memory Profilerの先へ
rio432
0
150
Import assertionsが消えた日~ECMAScriptの仕様はどう決まり、なぜ覆るのか~
bicstone
2
180
ハーネスエンジニアリングにどう向き合うか 〜ルールファイルを超えて開発プロセスを設計する〜 / How to approach harness engineering
rkaga
28
20k
Explore CoroutineScope
tomoeng11
0
190
〜バイブコーディングを超えて〜 チームで実験し続けたAI駆動開発
tigertora7571
0
200
mruby on C#: From VM Implementation to Game Scripting (RubyKaigi 2026)
hadashia
2
1.8k
SREに優しいTerraform構成 modulesとstateの組み方
hiyanger
2
170
t *testing.T は どこからやってくるの?
otakakot
1
930
なぜあなたのコードには「コシ」がないのか?〜AI時代に問う、最後まで美味しい設計と戦略〜 #phpconkagawa / phpconkagawa2026
shogogg
0
160
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
234
18k
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.4k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
820
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
390
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
62
54k
How to Think Like a Performance Engineer
csswizardry
28
2.6k
Building Applications with DynamoDB
mza
96
7k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
130
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
210
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.1k
Odyssey Design
rkendrick25
PRO
2
610
The Mindset for Success: Future Career Progression
greggifford
PRO
0
330
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
ukin0k0
ivargrimstad
watany
rio432
bicstone
rkaga
tomoeng11
tigertora7571
hadashia
hiyanger
otakakot
shogogg
jlugia
dougneiner
bluesmoon
reverentgeek
madoxten
csswizardry
mza
davidcarrasco
nikkihalliwell
eileencodes
rkendrick25
greggifford
