Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

CMS Airship - Simply Secure Content Management - Now Available in the AWS Marketplace

Your golden ticket to managing all of your business's online content—blogs, photos, infographics, artwork, multimedia, and more—is now available.

We are excited and proud to announce the availability of CMS Airship on the Amazon Web Services (AWS) Marketplace.

Introducing CMS Airship

CMS Airship is a core development platform that is simply secure, out-of-the-box.

CMS Airship offers best-in-class cryptography features and well-designed security protocols, including two-factor authentication and IPv6-aware brute-force login resistance.

Airship's features were designed from the ground up to protect your assets against a wide range of threats, from common website security concerns such as the OWASP Top 10 to the sort of techniques only leveraged by very sophisticated hackers.

If a security vulnerability is ever discovered in Airship, the fix will automatically and securely be installed within one hour of its release, guaranteed, in the default configuration.

PHP CMS Out-of-the-Box Security Comparison Chart
Security Feature CMS Airship WordPress Drupal Joomla! Notes
Note: A detailed technical breakdown of the security of the other CMS platforms is available.
Automatic Updates The automatic updates you receive are secure against forgery even if our update server is compromised.
Prepared Statements For preventing SQL Injection vulnerabilities.
CSRF Protection Everywhere Plugins notwithstanding.
Context-Aware Output Escaping
Escapes on input
For preventing cross-site scripting vulnerabilities.
Content Security Policy CMS Airship lets you manage CSP and HPKP headers through a web interface.
HTTP Public-Key-Pinning
Password Hashing: Argon2i (CMS Airship), Salted MD5 (WordPress), SHA512Crypt (Drupal), bcrypt (Joomla!). Read more about how to safely store users' passwords and why Argon2 is the best choice.
Two-Factor Authentication
Secure "Remember Me" Checkboxes We outlined how to implement secure "remember me" checkboxes in PHP last year.
Login Brute-Force Resistance
Account Recovery: Opt Out
Account Recovery: GnuPG Encryption CMS Airship allows users to provide a public key, which will be used to encrypt the outgoing account recovery emails.
Encryption: Halite (CMS Airship), N/A (WordPress), N/A (Drupal), Defuse v1* (Joomla!). * As of v3.5.0; before, JCrypt was insecure.
Minimum PHP Version: 7.0 (CMS Airship), 5.2.4 (WordPress), 5.5.9 (Drupal), 5.3.10 (Joomla!). Read more about why low minimum PHP version requirements are bad for security.
Code Footprint: 56,078 (CMS Airship), 490,115 (WordPress), 978,569 (Drupal), 851,019 (Joomla!). Less code usually implies less room for bugs to slip in. This metric is useful for estimating the cost of a full audit.
Free / Open Source: GitHub (CMS Airship), Trac (WordPress), Git (Drupal), GitHub (Joomla!). All four are released under GPL.

Read more about the security benefits of CMS Airship here.

Never again worry about zero-days.*

Even with all the security CMS Airship offers, everything is extensible and can be fully customized to suit your needs. To learn more, see the official CMS Airship online documentation.

Both AMIs on the AWS marketplace contain all of the tools needed to develop—and optionally publish—your own CMS Airship extensions. The same security protocol that protects Airship's self-updater will armor your custom extensions.

Be the solution.

CMS Airship has established the platinum standard of web application security.

At Paragon Initiative Enterprises, our mission is to move the needle towards more security without getting in the way of productivity. We improved the security of the software that powers over 30% of the Internet in 2015 alone.

By choosing the official CMS Airship images available in the AWS Marketplace, in addition to choosing a more secure platform for your business, you'll be supporting our efforts to make the Internet a safer place for everyone.

The sky is only the beginning.

Get involved.

If you have any questions or would like to inquire about our application security services, feel free to contact us.


* Because updates are securely installed within one hour of their availability, the time-scale of a fix being applied is no longer meaningfully measured in days. Zero hours are the new zero days.

The other half of the equation is code quality and preventing vulnerabilities from occurring in the first place. For that, we offer our history of open source security research as an assurance.

About the Author

P.I.E. Staff

Paragon Initiative Enterprises

Paragon Initiative Enterprises is a Florida-based company that provides software consulting, application development, code auditing, and security engineering services. We specialize in PHP Security and applied cryptography.

