Paragon Initiative Enterprises

Software consulting and web development for businesses with attention to security above and beyond compliance.

Our Services »

Technology should support your ambitions, not hinder them!

Secure software development philosophy:

Software should be secure by default.
Tools should be simply yet comprehensively secure.
Cryptography is fundamental to security.

About Paragon Initiative Enterprises - Orlando's Foremost Application Security Consultants

About Our Company

Paragon Initiative Enterprises is a team of technology consultants, website and app developers, and application security experts. We specialize in applied cryptography and PHP development.

Technology Consulting and Application Security Servicesby Paragon Initiative Enterprises in Orlando, FL

Professional Services Offered

Paragon Initiative Enterprise's expertise in web development and application security can help you fulfill your vision for your business's future while ensuring the safety and security of your online presence.

Community Software Projects by Paragon Initiative Enterprises in Orlando, FL

Community Projects

From solving challenging security problems to reducing the cognitive load of proven security strategies, we actively contribute towards the betterment of our community, both online and offline.

What P.I.E. Can Do For You

Our company employs industry-leading experts on web application security and applied cryptography. We…

…and offer many other related services. Our specialty is cryptographically secure PHP development.

Latest Blog Post

Demystifying Server-Side HTTP Requests for WordPress Developers

WordPress's core development team began a discussion recently about the challenges involved in enabling plugin/theme developers to manage their own keys. This led to a discussion about Project Gossamer and our designs for zero-authority public key infrastructure (za-PKI).

And then, being halfway across the bridge, decided to make a sharp left turn and discuss rolling back the Ed25519 signature for core updates in favor of "SSL with checksums".

I do want to reiterate that I want to see package signing come to fruition, so rolling back the current implementation is primarily about clearing the way to ensure it's done properly, rather than trying to rush a half-baked solution.

(Emphasis mine.)

This development was accompanied by a blog post with a confusing title ("SSL for auto updates"), for which the biggest takeaway seems to be: Nobody understands server-side HTTP requests.

If that's the case, to any WordPress freelancers in the audience: you'll want to read this post to distinguish yourself from the majority of your peers.

Continue Reading this Blog Post »

The Latest From Our Security Team

Latest Security Advisory

CVE-2016-5726, CVE-2016-5727 - Simple Machines Forum - PHP Object Injection

There are several instances where data pulled from $_POST (i.e. inside a foreach loop) is passed directly to unserialize(). As a consequence, SMF is vulnerable to PHP Object Injection and possibly remote code execution.

Latest Code Audit Report

Qbix Platform

One of our clients built an app upon a platform called Qbix and hired us to do a pre-launch code audit of their app as well as Qbix's platform.

More From Our Security Team »

We develop secure and dependable web-based solutions to help your business succeed.