Paragon Initiative Enterprises

Software consulting and web development for businesses with attention to security above and beyond compliance.

Our Services »

Technology should support your ambitions, not hinder them!

Secure software development philosophy:

Software should be secure by default.
Tools should be simply yet comprehensively secure.
Cryptography is fundamental to security.

About Paragon Initiative Enterprises - Orlando's Foremost Application Security Consultants

About Our Company

Paragon Initiative Enterprises is a team of technology consultants, website and app developers, and application security experts. We specialize in applied cryptography and PHP development.

Technology Consulting and Application Security Servicesby Paragon Initiative Enterprises in Orlando, FL

Professional Services Offered

Paragon Initiative Enterprise's expertise in web development and application security can help you fulfill your vision for your business's future while ensuring the safety and security of your online presence.

Community Software Projects by Paragon Initiative Enterprises in Orlando, FL

Community Projects

From solving challenging security problems to reducing the cognitive load of proven security strategies, we actively contribute towards the betterment of our community, both online and offline.

What P.I.E. Can Do For You

Our company employs industry-leading experts on web application security and applied cryptography. We…

…and offer many other related services. Our specialty is cryptographically secure PHP development.

Latest Blog Post

Release: sodium_compat v2 and the Future of Our Polyfill Libraries

Several years ago, we designed sodium_compat: a pure-PHP implementation of (most of) libsodium. It has since been installed over 60 million times, not counting WordPress.

Our goals with sodium_compat were as follows:

  1. Ensure ease-of-adoption for ext-sodium. By providing a permissively licensed open source PHP library that implements the same algorithms, other open source projects could move faster to libsodium proper, even if their users were on shared hosting environments where they couldn't install PHP extensions from PECL.
  2. Get adopted by software that supported old versions of PHP. Specifically, 5.2.4, which WordPress still supported at the time. Due to WordPress's enormous footprint on the Internet, this was not a lightly taken decision.
  3. Work even on 32-bit platforms. It turns out, PHP gives you signed 32-bit integers on 32-bit platforms (or on Windows before PHP 7), and if you reach a value out of the range of those integers, your numbers are "conveniently" converted to a float instead. This is a nightmare when you're implementing cryptography.
  4. Get out of your way. If you install ext-sodium, our APIs will defer all cryptography to the proper implementation. This was a core tenet of sodium_compat's design.

To repeat ourselves a bit, this was several years ago. The PHP community has evolved. WordPress now requires PHP 7.0 to function (although they do recommend 7.4). As of this writing, the oldest still-supported version of PHP is 8.2 (8.1 if you count "security fixes only"). We asked ourselves, and the /r/PHP subreddit, if anyone still even needs PHP 5 support in 2024.

The answer was a resounding, "No."

That's the background story, anyway. If you're a busy developer, the remainder of this post will be broken down into a Q&A format to explain what's changing, what's not changing, what you need to do, and whether you need to do anything.

Continue Reading this Blog Post »

The Latest From Our Security Team

Latest Security Advisory

CVE-2016-5726, CVE-2016-5727 - Simple Machines Forum - PHP Object Injection

There are several instances where data pulled from $_POST (i.e. inside a foreach loop) is passed directly to unserialize(). As a consequence, SMF is vulnerable to PHP Object Injection and possibly remote code execution.

Latest Code Audit Report

JPaseto Audit

Paragon Initiative Enterprises conducted a comprehensive code review of the JPaseto libraary and discovered one medium-severity vulnerability, which was promptly fixed.

More From Our Security Team »

We develop secure and dependable web-based solutions to help your business succeed.