Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

Securing the PHP Community with Paragon Initiative Enterprises Hosted Services

Last week, our security expert introduced Certainty, our CA-Cert automation library, which we designed to make disabled certificate validation an extinct vulnerability in the PHP ecosystem.

Most of our open source software projects have historically fallen into the local developer tools genre.

  • EasyDB wraps PDO and makes it more user-friendly and secure-by-default.
  • random_compat is a pure-PHP polyfill of the PHP 7 CSPRNG functions, allowing PHP 5-compatible open source projects to develop against the new random_bytes() / random_int() API without usability breaks.
  • sodium_compat is a pure-PHP polyfill of (most of) ext/sodium, allowing open source projects that support versions of PHP older than 7.2 to use the new libsodium features without usability breaks.

However, there has been an increasing need for security-oriented, self-hostable microservices. With that in mind, we'd like to introduce you to Open Source Security-Oriented Microservices

Everything we host on, including the website itself, will be released to the public as open source software. Our guiding principle is that everything we provide on this namespace should be easy for most developers to self-host.

Some examples of projects we intend to host in the immediate future include:

  • Chronicle instances
    • The Chronicle instance for the PHP community is live
    • Several other Chronicle instances are planned, but not yet spun up
    • Client registration is not yet implemented in; until then, please contact our security team with your Public Key and what PHP project you represent we will respond with a Client ID as soon as we can
  • Discretion instances
    • Discretion is a microservice for GPG-encrypted "Contact Us" forms
    • Currently under development

As we become aware of more security pain-points that we can develop usable and robust solutions for, we will be adding to this suite of hosted microservices.

Thank You for Working With Us

None of our work to improve the security of the PHP ecosystem would be possible if it weren't for our clients for choosing to hire us to consult on security and application development matters since our company was founded in early 2015. We hope to continue to provide value to everyone who produces or consumes PHP software.

About the Author

P.I.E. Staff

Paragon Initiative Enterprises

Paragon Initiative Enterprises is a Florida-based company that provides software consulting, application development, code auditing, and security engineering services. We specialize in PHP Security and applied cryptography.

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements