{"id":6605,"date":"2016-02-02T09:51:47","date_gmt":"2016-02-02T07:51:47","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=6605"},"modified":"2016-02-02T09:51:47","modified_gmt":"2016-02-02T07:51:47","slug":"programlama-dillerinin-guvenlik-riskleri","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/programlama-dillerinin-guvenlik-riskleri\/","title":{"rendered":"Security Risks of Programming Languages"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><strong>Veracode<\/strong> has published its <a href=\"https:\/\/info.veracode.com\/state-of-software-security-report-volume6-pt2.html\" target=\"_blank\" rel=\"nofollow\">State of Software Security (SOSS) Report<\/a>, which it prepares every six months. The report examines more than 200,000 applications and trillions of lines of code. Its aim is to analyze how different programming languages and platforms may be linked to significant security problems. The research found that some programming languages are more exposed to security risks than others. Three key conclusions drawn from the report are as follows:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">1) The most striking and worrying finding is that PHP poses a high risk in terms of security. 
Of the applications written in PHP, 86% had at least one cross-site scripting (XSS) vulnerability, 81% failed to meet the OWASP Top 10 standards, and 56% had at least one SQL injection vulnerability.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">2) The great majority of mobile applications have cryptographic problems caused by developers writing poor cryptographic code. Cryptographic problems were found in 87% of the Android applications and 80% of the iOS applications examined in the report.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">3) Java and .NET are among the most secure languages, because their design almost completely prevents buffer overflows. These two languages showed the best performance at preventing SQL injection and cross-site scripting (XSS) attacks.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The findings show that PHP is more accessible to new developers than Java and .NET. They also underline the importance of evaluating development options more carefully.<br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Veracode has published its State of Software Security (SOSS) Report, which it prepares every six months. 
In the report, more than 200,000 applications and trillions of&hellip;<\/p>\n","protected":false},"author":3,"featured_media":6606,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6605"}],"version-history":[{"count":3,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6605\/revisions"}],"predecessor-version":[{"id":6629,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6605\/revisions\/6629"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/6606"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}