Zend framework security

  • The entry script (index.php) is the only PHP file accessible to web visitors. All other PHP files are located outside of the Apache document root. This is much more secure than allowing everyone to request any of your PHP scripts directly.
  • Routing allows you to define strict rules on what an acceptable page URL should look like. If a site user enters an invalid URL in the web browser's address bar, they are automatically redirected to an error page.
  • Access control lists (ACL) and Role-Based Access Control (RBAC) allow you to define flexible rules for granting or denying access to certain resources of your website. For example, an anonymous user would have access to your index page only, authenticated users would have access to their profile page, and the administrator user would have access to the site management panel.
  • Form validators and filters ensure that no unwanted data is collected through web forms. Filters, for example, allow trimming strings or stripping tags. Validators check that the data submitted through a form conforms to certain rules. For example, an E-mail validator checks that an E-mail field contains a valid E-mail address, and if not, raises an error forcing the site user to correct the input.
  • Captcha and CSRF (Cross-Site Request Forgery) form elements are used for human checks and for preventing forged form submissions, respectively.
  • The Zend\Escaper component escapes data output to site pages, so that unwanted HTML tags or scripts contained in that data are rendered as harmless text instead of being interpreted by the browser.
  • Cryptography support allows you to store your sensitive data (e.g. credentials) encrypted with strong cryptographic algorithms that are difficult to break.
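The form-related items above (filters, validators, the CSRF element and the Escaper) combined in one small form, as an added example that is not code from the page or from the framework itself; it assumes the zend-form, zend-inputfilter, zend-escaper and zend-session components are installed via Composer, and the controller-style code at the end is a hypothetical request handler.

```php
<?php
// Added example, not from the page or the framework: a contact form combining the
// CSRF element, input filters/validators and output escaping. Assumes the
// zend-form, zend-inputfilter, zend-escaper and zend-session components (Composer).
use Zend\Form\Form;
use Zend\InputFilter\InputFilter;
use Zend\Escaper\Escaper;

class ContactForm extends Form
{
    public function __construct()
    {
        parent::__construct('contact');
        $this->setAttribute('method', 'post');

        // Free-text field collected from the visitor.
        $this->add(['name' => 'email', 'type' => 'text']);

        // Hidden CSRF token kept in the session; a POST without a matching
        // token fails validation, which blocks cross-site request forgery.
        $this->add([
            'name'    => 'csrf',
            'type'    => 'csrf',
            'options' => ['csrf_options' => ['timeout' => 600]],
        ]);

        // Filters run first (trim, strip tags), then the validators.
        $inputFilter = new InputFilter();
        $inputFilter->add([
            'name'       => 'email',
            'required'   => true,
            'filters'    => [['name' => 'StringTrim'], ['name' => 'StripTags']],
            'validators' => [['name' => 'EmailAddress']],
        ]);
        $this->setInputFilter($inputFilter);
    }
}

// In a controller action (hypothetical request handling): validate the POST,
// then escape the filtered value before echoing it back into the page.
$form = new ContactForm();
$form->setData($_POST);
if ($form->isValid()) {
    $data    = $form->getData();            // filtered values only
    $escaper = new Escaper('utf-8');
    echo '<p>Thanks, ' . $escaper->escapeHtml($data['email']) . '</p>';
} else {
    $errors = $form->getMessages();         // per-field messages, e.g. invalid address
}
```

Because the form's default input filter settings are left enabled, the CSRF element's own validator is applied alongside the explicit e-mail input, so a missing or stale token fails isValid() just like a malformed address does.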