Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
1.3k
0
Share
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
820
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
910
PHP 101
hdogan
1
770
Web Uygulamalarında Güvenlik
hdogan
1
530
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
580
Other Decks in Programming
See All in Programming
軽量Java基盤の設計 DIコンテナに頼らない、長期保守と1秒起動の実現 JJUG CCC 2026 Spring
macha64
0
440
AIエージェントと協働するCLI開発 — BunとOpenClawで学んだこと
yoshikouki
1
230
OSもどきOS
arkw
0
400
Make SRE Operations Easier with Azure SRE Agent
kkamegawa
0
3.5k
Composerを使ったサプライチェーン攻撃の様子を眺めてみる #phpstudy
o0h
PRO
2
220
oxlintはeslint/typescript-eslintを置き換えられるのか
shomafujita
2
310
密結合なバックエンドから TypeScript のコードを生成する
kemuridama
1
700
決定論的オーケストレーションの設計と実装 / Design and Implementation of Deterministic Orchestration
nrslib
3
930
AI時代の仕事技芸論 — ソフトウェア開発で「遊ぶように働く」職人的熟達のすすめ
kuranuki
1
610
ADKを使って簡単にAIエージェントを作ってみよう
k1mu21
0
200
New "Type" system on PicoRuby
pocke
1
440
権限チェックの一貫性を型で守る TypeScript による多層防御
mnch
4
1.1k
Featured
See All Featured
The Invisible Side of Design
smashingmag
302
52k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
560
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
320
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
400
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
720
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
770
Optimizing for Happiness
mojombo
378
71k
How to make the Groovebox
asonas
2
2.2k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
380
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
How to Think Like a Performance Engineer
csswizardry
28
2.6k
Automating Front-end Workflow
addyosmani
1370
210k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
macha64
yoshikouki
arkw
kkamegawa
o0h
shomafujita
kemuridama
nrslib
kuranuki
k1mu21
pocke
mnch
smashingmag
chikuwait
szymonslowik
davetheseo
.jpg){kind=avatar}
cargoodrich
nmsamuel
mojombo
asonas
katarinadahlin
cassininazir
csswizardry
addyosmani
