The perils and pitfalls involved with implementing public-key encryption in a PHP project, and how to do it right.
The secure-by-default open source CMS is about to split.
How to quickly and effectively design a secure, custom cryptography protocol for your applications.
Greatly improve the security of your software by making it automatically apply the latest security updates.
How to implement a secure and robust "I forgot my password" system.
An analysis of the deficits in the security features offered by WordPress, Drupal, and Joomla.
CMS Airship is now available in the Amazon Web Services (AWS) Marketplace.
A dissection of the misnomers and bad ideas used in cryptography products.
How to setup the Caddy webserver to work with PHP 7 on Debian Jessie
A quick guide to eliminating the common threats when developing PHP applications in 2016.
Announcing the first release of CMS Airship, which establishes the new PHP security platinum standard of today and the gold standard of tomorrow.
The case for character encoding that is safe to use to encode cryptographic secrets.
This blog post will maintain the industry best practices for securely generating random data in Ruby, Node.js, Java, etc.
Our contributions to defuse/php-encryption and how it affects future behavior
A layman's introduction to using Halite, our libsodium wrapper
A deep dive into the cryptography protocols that will secure your blog, should you choose to deploy CMS Airship.
This is our promise to the community to support PHP 5 projects until EOL, and then no later.
Deserializing a string into a data structure is a simple task riddled with security holes.
The beta release for a secure-by-default CMS built by Paragon Initiative Enterprises
The answer to a very frequently asked question that most people in the industry know without needing to read this.
How to authenticate a user on multiple domains without violating the Same Origin Policy.
A short meditation on the role of security engineering in software development
Salted Password Hashing with Argon2, Scrypt, Bcrypt, and PBKDF2
Or: How I won the password hashing category for the Underhanded Crypto Contest at DEFCON 23.
Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?
Our team of technology consultants have extensive knowledge and experience with application security and web/application development.
Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.
The first mails quarterly and often showcases our behind-the-scenes projects.
The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.