> Your golden ticket to managing all of your business's online content—blogs, photos, infographics, artwork, multimedia, and more—is now available. We are excited and proud to announce the availability of [CMS Airship on the Amazon Web Services (AWS) Marketplace](https://aws.amazon.com/marketplace/seller-profile?id=139a5240-4d65-457b-81cf-6f13833a6ecd). ### Introducing CMS Airship
CMS Airship is a core development platform that is simply secure, out-of-the-box.
CMS Airship offers best-in-class cryptography features and well-designed security protocols, including **two-factor authentication** and **IPv6-aware brute-force login resistance**. Airship's features were designed from the ground up to protect your assets against a wide range of threats, ranging from common website security concerns such as the OWASP Top 10 to the sort of techniques only leveraged by very sophisticated hackers. If a security vulnerability is ever discovered in Airship, the fix will automatically and [securely](https://paragonie.com/blog/2016/05/keyggdrasil-continuum-cryptography-powering-cms-airship) be installed within one hour of its release, guaranteed, in the default configuration.
PHP CMS Out-of-the-Box Security Comparison Chart
Security Feature CMS Airship WordPress Drupal Joomla! Notes
Note: A detailed technical breakdown of the security of the other CMS platforms is available.
Automatic Updates The automatic updates you receive are secure against forgery even if our update server is compromised.
Prepared Statements For preventing SQL Injection vulnerabilities.
CSRF Protection Everywhere Plugins notwithstanding.
Context-Aware Output Escaping
Escapes on input
For preventing cross-site scripting vulnerabilities.
Content Security Policy CMS Airship lets you manage CSP and HPKP headers through a web interface.
HTTP Public-Key-Pinning
Password Hashing
Argon2i

Salted MD5

SHA512Crypt

bcrypt
Read more about how to safely store users' passwords and why Argon2 is the best choice.
Two-Factor Authentication
Secure "Remember Me" Checkboxes We outlined how to implement secure "remember me" checkboxes in PHP last year.
Login Brute-Force Resistance
Account Recovery: Opt Out
Account Recovery: GnuPG Encryption CMS Airship allows users to provide a public key, which will be used to encrypt the outgoing account recovery emails.
Encryption
Halite
N/A N/A
Defuse v1*
* As of v3.5.0; before, JCrypt was insecure.
Minimum PHP Version
7.0

5.2.4

5.5.9

5.3.10
Read more about why low minimum PHP version requirements are bad for security.
Code Footprint
56,078

490,115

978,569

851,019
Less code usually implies less room for bugs to slip in. This metric is useful for estimating the cost of a full audit.
Free / Open Source
Github

Trac

Git

Github
All four are released under GPL
Security Feature CMS Airship WordPress Drupal Joomla! Notes
Read more about [the security benefits of CMS Airship here](https://paragonie.com/blog/2016/06/php-security-platinum-standard-raising-bar-cms-airship).
Never again worry about zero-days.*
Even with all the security CMS Airship offers, everything is extensible and can be fully customized to suit your needs. To learn more, see [the official CMS Airship online documentation](https://github.com/paragonie/airship-docs/tree/master/en-us). Both AMIs on the AWS marketplace contain all of the tools needed to develop—and optionally publish—your own CMS Airship extensions. The same security protocol that protects Airship's self-updater will armor your custom extensions.
Be the solution.
CMS Airship has established the platinum standard of web application security. At Paragon Initiative Enterprises, our mission is to move the needle towards more security without getting in the way of productivity. We improved the security of the software that powers [over 30% of the Internet in 2015 alone](https://paragonie.com/blog/2015/12/year-2015-in-review). By choosing the official CMS Airship images available in the AWS Marketplace, in addition to choosing a more secure platform for your business, you'll be supporting to our efforts to make the Internet a safer place for everyone. ***The sky is only the beginning.***
Get involved.
* [CMS Airship on Github](https://github.com/paragonie/airship) * [CMS Airship on Reddit](https://www.reddit.com/r/cmsairship) * [Paragon Initiative Enterprises on Facebook](https://facebook.com/ParagonIE) * [Paragon Initiative Enterprises on Twitter](https://twitter.com/ParagonIE) If you have any questions or would like to inquire about our application security services, feel free to [contact us](https://paragonie.com/contact). -----

* Because updates are securely installed within one hour of their availability, the time-scale of a fix being applied is no longer meaningfully measured in days. Zero hours are the new zero days.

The other half of the equation is code quality and preventing vulnerabilities from occurring in the first place. For that, we offer our history of open source security research as an assurance.