Paragon Initiative Enterprises

Software consulting and web development for businesses with attention to security above and beyond compliance.

Our Services »

Technology should support your ambitions, not hinder them!

Secure software development philosophy:

Software should be secure by default.
Tools should be simply yet comprehensively secure.
Cryptography is fundamental to security.

About Paragon Initiative Enterprises - Orlando's Foremost Application Security Consultants

About Our Company

Paragon Initiative Enterprises is a team of technology consultants, website and app developers, and application security experts. We specialize in applied cryptography and PHP development.

Technology Consulting and Application Security Servicesby Paragon Initiative Enterprises in Orlando, FL

Professional Services Offered

Paragon Initiative Enterprise's expertise in web development and application security can help you fulfill your vision for your business's future while ensuring the safety and security of your online presence.

Community Software Projects by Paragon Initiative Enterprises in Orlando, FL

Community Projects

From solving challenging security problems to reducing the cognitive load of proven security strategies, we actively contribute towards the betterment of our community, both online and offline.

What P.I.E. Can Do For You

Our company employs industry-leading experts on web application security and applied cryptography. We…

…and offer many other related services. Our specialty is cryptographically secure PHP development.

Latest Blog Post

CipherSweet: Searchable Encryption Doesn't Have to be Bitter

Back in 2017, we outlined the fundamentals of searchable encryption with PHP and SQL. Shortly after, we implemented this design in a library we call CipherSweet.

Our initial design constraints were as follows:

  1. Only use the cryptography tools that are already widely available to developers.
  2. Only use encryption modes that are secure against chosen-ciphertext attacks.
  3. Treat usability as a security property.
  4. Remain as loosely schema-agnostic as possible, so that it's possible to use our design in NoSQL contexts or wildly different SQL database layouts.
  5. Be extensible, so that it may be integrated with many other products and services.

Today, we'd like to talk about some of the challenges we've encountered, as well as some of the features that have landed in CipherSweet since its inception, and how we believe they are beneficial for the adoption of usable cryptography at scale.

If you're not familiar with cryptography terms, you may find this page useful.

Continue Reading this Blog Post »

The Latest From Our Security Team

Latest Security Advisory

CVE-2016-5726, CVE-2016-5727 - Simple Machines Forum - PHP Object Injection

There are several instances where data pulled from $_POST (i.e. inside a foreach loop) is passed directly to unserialize(). As a consequence, SMF is vulnerable to PHP Object Injection and possibly remote code execution.

Latest Code Audit Report

Qbix Platform

One of our clients built an app upon a platform called Qbix and hired us to do a pre-launch code audit of their app as well as Qbix's platform.

More From Our Security Team »

We develop secure and dependable web-based solutions to help your business succeed.