There are many PHP frameworks available for PHP namely -
Zend
CakePHP
CodeIgniter
Symfony
and so on....
Which are the security related issues taken care of by most of the frameworks ?
( As far as i know ( Cross-site scripting (XSS)) vulnerability is handled by most of them if we use there methods. What are the other issues taken care by most of them ? )
Along with usage of framework in a project, what are other security concerns needs to be taken care of ?
EDIT: In my case i am using codeigniter framework.
[spam]
I've created a little overview table a while back: http://matrix.include-once.org/framework/ which includes a few summaries about the basic cornerstones of web app security:
If I wanted to generalize, the big frameworks do indeed cover a lot of that. So the real issues become logical oversights in the business/processing layer.
Well this is a bit of a vague question as it entirely depends on what framework you are talking about.
All of the frameworks you have listed use a database abstraction layer of some sort, be it a simple query builder or a larger ActiveRecord/ORM implementation. These database abstraction layers will stop SQL injection most of the time.
CodeIgniter provides a Encrypt class which will help you generate passwords and random strings. In your main config file is an "encryption key" which will be specific to your application. This means your application will have a unique salt to another application, so if somebody gets a copy of/access to your database they won't be able to work out the passwords.
There are plenty of other security features specific to each framework, but those are the basics.
No matter how much attention and thought has gone into making sure a PHP framework is secure, the reality is that there is always room for improvement and even though frameworks like Codeigniter provide XSS, input filtering, request validation, database abstraction and other nice things, there will always be bugs and issues.
Never solely rely on a framework's in-built security protection methods. Always read into how a framework does something, understand the logic and then rewrite to meed your needs if you find something isn't as secure as it should be.
However, having said the above, I have been using Codeigniter for a few months and in a couple of high-end, high-trafficked websites and can't say that I have experienced any security issues or breaches. The one true advantage of a framework when it comes to security is that they're probably protecting you from some kind of attack you never knew existed in the first place (which is an awesome bonus).
Read into how Codeigniter and other frameworks solve security issues and protect your applications, you'll find it will strengthen your development knowledge and benefit you in the future when you write large-scale applications that require tough security and high reliability.