Zend Framework is an open-source PHP framework that uses an MVC design pattern. It aims to provide reusable code and a standardized way of developing applications that is maintainable, scalable and portable. The framework controls the overall application flow and provides default behaviors that can be extended or overridden. It offers advantages like reduced development time and cleaner code compared to traditional programming. Popular sites built with Zend include Magento and IBM.
2. Introduction to Framework
What does a Framework mean?
• It is a concrete platform that holds the common code executed across the entire application, targeting maintainable, reusable and scalable applications.
• A framework is an abstraction of the software code which can be selectively overridden.
• A framework takes the form of libraries, where a well-defined application program interface (API) is reusable anywhere within the software under development.
3. Principles of a Framework
• Control over the flow: The framework, rather than the programmer's custom code, must control the execution flow.
• Default behavior: The application has to work with the default configuration, even without any customization of code.
• Extendable: The programmer should have the ability to extend the framework code.
• Non-changeable: The user can extend the framework code but is not allowed to change the core framework code.
• Compatible: The framework should be designed so that the application does not crash even when the framework version is upgraded. (The latest framework has to work even with older programming language versions.)
• Portable: An application developed on the framework has to support multiple environments (e.g. different databases and servers like IIS, Apache).
4. Advantages over traditional programming
• As frameworks are designed to provide reusable code for quick development, a lot of development effort and time is saved.
• Using frameworks, developers can spend more time on developing the functionality of the application than on preparing the environment. This helps them to build defect-free software applications.
• Application code is clean and neat because it follows the standard of the software framework.
• Frameworks help you to develop the project rapidly; if you know one framework well, you will never worry about the project deadline.
5. Disadvantages:
• A learning curve is involved in understanding the different frameworks.
• Preferable for large-scale applications, because for a small application the core programming language is faster than the framework.
7. Zend framework:
• Open-source software framework for PHP 5.
• Its strength is in its highly-modular MVC design, making your code
more reusable and easier to maintain.
8. History of Zend
• Zend Framework was started by Andi Gutmans and Zeev Suraski, among the most influential people who started PHP 3.
• Launched in 2006 with the preview release 0.1.3.
• Latest version: 2.0 beta release
9. Popular products developed on Zend Framework
• Magento, one of the popular open-source shopping carts
• McAfee company website
• IBM company website
10. Advantages over other frameworks
• Highly flexible: We can extend almost all the framework classes.
• Loosely coupled: We can delete the components or modules which we don't want in our application. It is highly modular.
• Scalable: High-performance applications can be developed, as the entire library won't be loaded for each request.
• Easy to test: PHPUnit is integrated with Zend Framework.
• Compatible with different databases (DB2, MySQL, Oracle and MSSQL)
12. Security in Zend framework
• SQL security: Zend Framework has a database abstraction layer with many escaping functions, which protect against SQL injection attacks when values are passed through them.
• It has different APIs to handle queries:
– Zend_Db
– Zend_Db_Statement
– Zend_Db_Select
– Zend_Db_Table
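An added example (not from the original slides) contrasting string concatenation with the Zend_Db binding and quoting APIs listed above: the concatenated query lets the input rewrite the WHERE clause, while the other three treat it as a plain value. It assumes Zend Framework 1 on the include_path and the pdo_sqlite extension; the table, rows and input are constructed.

```php
<?php
// Added example, not the slide author's code.
// Assumption: Zend Framework 1 is on the include_path, pdo_sqlite is loaded.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->insert('users', array('name' => 'alice', 'role' => 'admin'));
$db->insert('users', array('name' => 'bob',   'role' => 'user'));

// Constructed hostile value, as it might arrive in a request parameter.
$name = "nobody' OR '1'='1";

// 1. Concatenation: the abstraction layer never sees the value separately,
//    so none of its escaping is applied.
$unsafe = $db->fetchAll("SELECT * FROM users WHERE name = '" . $name . "'");

// 2. Bound parameter: the value is sent apart from the SQL text.
$bound = $db->fetchAll('SELECT * FROM users WHERE name = ?', array($name));

// 3. Zend_Db_Select: where() quotes the value into the placeholder.
$select   = $db->select()->from('users')->where('name = ?', $name);
$selected = $db->fetchAll($select);

// 4. quoteInto(): explicit quoting when a fragment must be built by hand.
$where  = $db->quoteInto('name = ?', $name);
$quoted = $db->fetchAll('SELECT * FROM users WHERE ' . $where);

// Compare how many rows each form returns for the same input.
printf("concatenated:   %d row(s)\n", count($unsafe));
printf("bound:          %d row(s)\n", count($bound));
printf("Zend_Db_Select: %d row(s)\n", count($selected));
printf("quoteInto:      %d row(s)\n", count($quoted));
```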
13. Cross Site Request Forgery (CSRF) Protection:
• Protections against CSRF attacks are usually based on secret, session-dependent form tokens.
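<?php
class My_Form extends Zend_Form
{
    public function __construct($options = null)
    {
        parent::__construct($options);

        // The 'hash' element adds a hidden token field that is kept in the
        // session and checked when the form is validated.
        $this->addElement('hash', 'csrf_token', array(
            // The salt ties the token to this form class.
            'salt' => get_class($this) . 's3cr3t%Ek@on9!',
        ));
    }
}
?>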
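The session-dependent token idea in plain PHP, as an added example that is not part of the original slides and is not the implementation of Zend's hash element. The function names and the session array layout are hypothetical; it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example: session-bound, single-use, expiring form token.
// csrf_issue()/csrf_check() and the 'csrf' key are hypothetical names.

function csrf_issue(array &$session, $formId, $ttl = 300)
{
    $token = bin2hex(random_bytes(32));       // unpredictable secret
    $session['csrf'][$formId] = array(
        'token'   => $token,
        'expires' => time() + $ttl,
    );
    return $token;                            // goes into a hidden form field
}

function csrf_check(array &$session, $formId, $submitted)
{
    if (!isset($session['csrf'][$formId])) {
        return false;                         // this session never got a token
    }
    $entry = $session['csrf'][$formId];
    unset($session['csrf'][$formId]);         // single use: a replay fails
    if (!is_string($submitted) || time() > $entry['expires']) {
        return false;                         // malformed or expired
    }
    return hash_equals($entry['token'], $submitted); // constant-time compare
}

// Constructed walk-through: two arrays stand in for two users' $_SESSION.
$sessionA = array();
$sessionB = array();
$token = csrf_issue($sessionA, 'My_Form');
csrf_issue($sessionB, 'My_Form');

// Token presented under a different session than the one it was issued to.
var_dump(csrf_check($sessionB, 'My_Form', $token));
// Genuine submission from the session that received the token.
var_dump(csrf_check($sessionA, 'My_Form', $token));
// Second submission of the same token.
var_dump(csrf_check($sessionA, 'My_Form', $token));
```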
14. Session Management Configuration:
• Configuration has a big influence on security.
• Zend_Session provides different options to configure session parameters.
• It supports SSL to avoid session hijacking.
<?php
Zend_Session::setOptions(array(
    'cookie_secure'   => true,              // SSL server
    'name'            => 'mySSL',           // own name
    'save_path'       => '/sessions/mySSL', // own storage
    'cookie_httponly' => true,              // XSS hardening
    'gc_maxlifetime'  => 15 * 60,           // short lifetime
));
Zend_Session::start();
?>
15. Security from XSS:
A number of classes, primarily within the Zend_Form, Zend_Filter, Zend_Log and Zend_View components, contained character encoding inconsistencies whereby calls to the htmlspecialchars() and htmlentities() functions used undefined or hard-coded charset parameters.
16. Different design patterns used in Zend Framework
• Zend_Controller_Front
– Singleton
• Zend_Db_Adapter
– Abstract Factory pattern
• Zend_Db_Table
– Table Data Gateway
• Zend_Db_Table_Row
– Row Data Gateway
• Zend_Log
– Factory Method
– Adapter
– Composite
• Zend_Form
– Composite
– Decorators
• Zend_Filter and Zend_Validator
– Strategy