Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

Securely Implementing (De)Serialization in PHP

Deserializing a string into a data structure is a simple task riddled with security holes.


Client Authenticity is Not the Server's Problem

The answer to a very frequently asked question that most people in the industry know without needing to read this.


How to Safely Store Your Users' Passwords in 2016

Salted Password Hashing with Argon2, Scrypt, Bcrypt, and PBKDF2


Preventing Timing Attacks on String Comparison with a Double HMAC Strategy

Preventing side-channel attacks (i.e. timing attacks on MAC validation) and dangerous compiler optimizations with a blinded comparison.


How to Securely Allow Users to Upload Files

The theory and practice of securing file upload form handlers. Our examples are in PHP, but many of the filesystem security concepts here are language agnostic.


Building Secure Web Applications in PHP

Don't just fix security vulnerabilities, prevent the habits that cause them in the first place.


The Comprehensive Guide to URL Parameter Encryption in PHP

If you ever wondered the best way to encrypt a username or row ID for an obfuscated URL in PHP, this is the article for you.


How to Securely Generate Random Strings and Integers in PHP

A lesson on cryptographically secure pseudorandom number generators in PHP, and how to generate random integers and strings from a high quality entropy source like /dev/urandom to generate secure random passwords in PHP.


Everything You Need to Know About Preventing Cross-Site Scripting Vulnerabilities in PHP

Although Cross-Site Scripting is one of the most common vulnerabilities on the Internet, it remains an unsolved problem (unlike SQL Injection).


Preventing SQL Injection in PHP Applications - the Easy and Definitive Guide

It's 2015; there's no excuse for writing code vulnerable to SQL Injection any more


Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements