SQL injection prevented: parameter binding
XSS prevented: automatic HTML-escaping option for safe display
CSRF token-based protection
Overload Protection prevents the client from sending too many concurrent requests
SSO / custom authentication module integration... just as you would do it in Java