Our Community Projects

Security experts take care of their community, both online and offline.

Open Source Software Projects

C.M.S. Airship

Secure-by-default PHP 7 content management system powered by libsodium.

View details »


The power of libsodium, the simplicty of Paragon Initiative Enterprise engineering.

View details »


Compare executable PHP Archives. Verifies builds are reproducible, stops malware.

View details »

For the Benefit of the Community

Curated Application Security Reading List

A curated list of resources for learning about application security maintained by our team based on the recommendations of the security community.


Full-Featured Library to prevent Cross-Site Request Forgery vulnerabilities.


Automated CACert.pem management for PHP projects, to promote a more secure Internet.


Self-hostable microservice, built with Slim Framework, that provides a sapient API which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.


Searchable field-level encryption library.

Constant-Time Encoding

RFC 4648 compatible character encoding that doesn't ever use table look-ups indexed by secret data.

CSP Builder

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programatically.


Microservice for "Contact Us" forms that GnuPG-encrypt all outgoing emails.


PDO lacks brevity and simplicity; EasyDB makes separating data from instructions easy (and aesthetically pleasing). EasyDB was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.


Usability wrapper for PHPECC. Deterministic ECDSA and authenticated encryption.


Simple and secure wrapper for phpseclib (uses defuse/php-encryption for symmetric-key encryption)


Send PGP-encrypted and/or PGP-signed emails with Zend\Mail and Crypt_GPG in one simple interface.

HPKP Builder

Easily integrate HTTP Public-Key-Pinning in your PHP applications.


Structured Input Filter with Strict Typing


Vendor-Agnostic Two-Factor Authentication Library

Password Lock

Hash then encrypt your customers' passwords.

This library was motivated by this blog post from security expert Anthony Ferrara.


Platform-Agnostic SEcurity TOkens.


A simple client for writing to a Chronicle instance.


PHP 5.x polyfill for random_bytes() and random_int(), which are simple interfaces for cryptographically secure random number generators added in PHP 7.0.0.

  • random_bytes(int) generates an arbitrary number of random bytes
  • random_int(int, int) returns a random integer between two given values (inclusive)

For more information, see random_bytes() and random_int() in the PHP manual.


Secure API toolkit. Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.).


Seeded, Deterministic PRNG (based on AES-CTR instead of LCG)


Pure-PHP implementation of the cryptography features offered by libsodium

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements