Your golden ticket to managing all of your business's online content—blogs, photos, infographics, artwork, multimedia, and more—is now available.
We are excited and proud to announce the availability of CMS Airship on the Amazon Web Services (AWS) Marketplace.
Introducing CMS Airship
CMS Airship offers best-in-class cryptography features and well-designed security protocols, including two-factor authentication and IPv6-aware brute-force login resistance.
Airship's features were designed from the ground up to protect your assets against a wide range of threats, from common website security concerns such as the OWASP Top 10 to the sort of techniques only leveraged by very sophisticated hackers.
If a security vulnerability is ever discovered in Airship, the fix will automatically and securely be installed within one hour of its release, guaranteed, in the default configuration.
PHP CMS Out-of-the-Box Security Comparison Chart
Note: A detailed technical breakdown of the security of the other CMS platforms is available.

Security Feature | CMS Airship | WordPress | Drupal | Joomla! | Notes |
---|---|---|---|---|---|
Automatic Updates | | | | | The automatic updates you receive are secure against forgery even if our update server is compromised. |
Prepared Statements | | | | | For preventing SQL Injection vulnerabilities. |
CSRF Protection Everywhere | | | | | Plugins notwithstanding. |
Context-Aware Output Escaping | Escapes on input |
For preventing cross-site scripting vulnerabilities. | |||
Content Security Policy | | | | | CMS Airship lets you manage CSP and HPKP headers through a web interface. |
HTTP Public-Key-Pinning | | | | | |
Password Hashing | Argon2i | Salted MD5 | SHA512Crypt | bcrypt | Read more about how to safely store users' passwords and why Argon2 is the best choice. |
Two-Factor Authentication | | | | | |
Secure "Remember Me" Checkboxes | | | | | We outlined how to implement secure "remember me" checkboxes in PHP last year. |
Login Brute-Force Resistance | | | | | |
Account Recovery: Opt Out | | | | | |
Account Recovery: GnuPG Encryption | | | | | CMS Airship allows users to provide a public key, which will be used to encrypt the outgoing account recovery emails. |
Encryption | Halite | N/A | N/A | Defuse v1* | * As of v3.5.0; before, JCrypt was insecure. |
Minimum PHP Version | 7.0 | 5.2.4 | 5.5.9 | 5.3.10 | Read more about why low minimum PHP version requirements are bad for security. |
Code Footprint | 56,078 | 490,115 | 978,569 | 851,019 | Less code usually implies less room for bugs to slip in. This metric is useful for estimating the cost of a full audit. |
Free / Open Source | Github | Trac | Git | Github | All four are released under GPL |

Read more about the security benefits of CMS Airship here.
Even with all the security CMS Airship offers, everything is extensible and can be fully customized to suit your needs. To learn more, see the official CMS Airship online documentation.
Both AMIs on the AWS marketplace contain all of the tools needed to develop—and optionally publish—your own CMS Airship extensions. The same security protocol that protects Airship's self-updater will armor your custom extensions.
- CMS Airship (Standalone): Includes an onboard SQL database
- CMS Airship (Lite): Lightweight; intended for use with Amazon RDS
CMS Airship has established the platinum standard of web application security.
At Paragon Initiative Enterprises, our mission is to move the needle towards more security without getting in the way of productivity. We improved the security of the software that powers over 30% of the Internet in 2015 alone.
By choosing the official CMS Airship images available in the AWS Marketplace, in addition to choosing a more secure platform for your business, you'll be supporting our efforts to make the Internet a safer place for everyone.
The sky is only the beginning.
- CMS Airship on Github
- CMS Airship on Reddit
- Paragon Initiative Enterprises on Facebook
- Paragon Initiative Enterprises on Twitter
If you have any questions or would like to inquire about our application security services, feel free to contact us.
* Because updates are securely installed within one hour of their availability, the time-scale of a fix being applied is no longer meaningfully measured in days. Zero hours are the new zero days.
The other half of the equation is code quality and preventing vulnerabilities from occurring in the first place. For that, we offer our history of open source security research as an assurance.