PHP framework to implement secure web-based applications
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.
2018 (English). Independent thesis, Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

The rapid daily growth and spread of web applications has led to new solutions for web development problems; one such solution is the framework, which makes creating new web applications much easier and faster than before. However, these frameworks have their own disadvantages: they can be difficult to run on shared servers, and they require extensive configuration and the installation of additional libraries and tools before development can even begin, which makes the process harder and more time-consuming for small applications. In addition, most of these frameworks provide many unused functions and unnecessary features, which makes their performance heavy and unacceptable for many web applications.

For these and other reasons, there is a need for a lightweight framework that treats security as a priority while reducing the amount of code and the number of features an application carries, so as to serve small enterprises well. The solution proposed in this work is the design of a new PHP MVC framework that is free of vulnerabilities and provides layered defences against major web attacks such as CSRF, XXE, XSS and SQL injection, while keeping the creation of new dynamic web applications on top of it easy and their performance effective.

The framework handles the database securely, using PDO and prepared statements before any data is forwarded to it. The functions responsible for SQL queries accept any type and amount of data, which makes the framework suitable even for large web applications that require many tables and different data types. Most of the disadvantages noted above have been addressed in the proposed framework, which is designed to keep the positive aspects and eliminate the negative ones as far as possible. It offers many features, such as cryptography, verification, validation and sanitising. It also logs errors and the details of attacks, and sends notifications about the attacker, such as IP address, host and other details, to the administrator's email address. These and other features of the framework are reviewed in this research.

Comparisons and operational performance results showed that the designed framework combines security with good performance. It provides multiple features, while its small code size makes creating new secure web applications quicker, easier and accessible to everyone regardless of budget and server capabilities. The framework passed a range of tests against web attacks and was free of the most common vulnerabilities listed by OWASP. The performance tests also showed a significant difference in page loading time between it and other frameworks; in most cases it was four to five times faster than Laravel, for example. Although there are some shortcomings, the evaluation indicates that the main objective of this work has been met and that the core criteria of availability, integrity and confidentiality have been achieved.

Place, publisher, year, edition, pages
2018.
Keywords [en]
PHP, OOP PHP framework, PHP MVC framework
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ltu:diva-70608, OAI: oai:DiVA.org:ltu-70608, DiVA id: diva2:1242284
Educational program
Computer Science and Engineering, master's level
Supervisors
Examiners
Available from: 2018-10-02. Created: 2018-08-27. Last updated: 2018-10-02. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

By organisation
Department of Computer Science, Electrical and Space Engineering
Computer Systems
