Symfony

In today’s world, speed is crucial in most aspects of human functioning. This is particularly true of technology. The same is true for developers – optimising the speed of the application is one of the key steps in creating good software. Thanks to Symfony, you do not have to worry about that! This framework puts a huge emphasis on performance and speed. It is currently one of the fastest PHP-based frameworks out there.

Regardless of the complexity of your needs, Symfony will certainly adapt to them. By using Event Dispatcher, you can easily extend the features of the existing code without modifying the fundamentals. Symfony allows you to develop software in three ways: Full Stack – allows you to create a powerful application rich in various features, Brick by brick – allows you to create an application feature by feature depending on what you need at the moment, Microframework – you can create specific functionalities in selected projects, without the need to program everything from scratch and without installing the entire framework. From the available ones, you will choose only the fragments that you really need.

An extremely useful feature of Symfony is that each component is a plugin and each plugin adds its own functionality to the framework. This allows it to be used in other projects or even shared with the wider developer community. What is more, the system itself allows you to make extensive changes in Symfony even by modifying its core. The entire framework can be extended to meet your needs without having to be configured from scratch. Framework is designed in such a way that most of its classes may be replaced by others created by the developers. Thanks to that, the tool provides high flexibility and makes it easier to use parts of the code in many places of the created application.

Symfony is created according to the best standards and design patterns. A great advantage is the inclusion of the modules like authentication, authorization, and enforcing secure HTTPS. It protects users from man-in-the-middle (MitM) attacks, which can be carried out from infected or unsecured networks. Hackers can use such techniques to steal sensitive customer information. An SSL implementation secures any data sent between the server and the browser during a user session interacting with a website. This is a key element in the field of data protection, especially the new RODO data protection regulations.

Thanks to the unique tokens hidden in the sent request, Symfony provides protection against CSRF attacks. The token in each request is unique for every user and is known only to them and to the application. Cross-Site Request Forgery (CSRF) is an attack which forces an end-user to perform unwanted actions on the web application, in which they are currently authenticated. With a little help from social engineering (such as sending a link via email or chat), the attacker can get users of the web application to perform actions of their choosing. If the victim is an ordinary user, a successful CSRF attack can force the user to perform state change requests, such as transferring funds, changing email addresses and so on. If the victim is an administrative account, CSRF can compromise the entire web application.

Cross-Site Scripting (XSS) attacks are a type of injection where malicious scripts are injected into other subdued and trusted websites. XSS attacks happen when an attacker uses a web application to send malicious code, usually in the form of a browser-side script to another end user. The errors that allow these attacks to succeed are fairly common and occur wherever a web application uses user input in its generated output without verifying or encoding it.

Symfony protects your databases with a thorough queries checking. Thanks to the combination of Symfony and Contrine library, your application will have a basic protection against SQL Injections attacks implemented. A SQL injection attack consists of inserting or “injecting” SQL query via client input into your application. A successful SQL injection exploit may read sensitive data from the database, modify the database data (Insert/Update/Delete), perform administrative operations on the database (such as disabling DBMS), retrieve the contents of a given file located in the DBMS system file, and in some cases issue commands to the operating system.