Software

A list of software created by Paragon Initiative Enterprises.

Flagship Software Products

WARD: Web Application Realtime Defender

Ward is a veritable Swiss Army Knife for securing websites at an affordable monthly cost.

Make your e-Commerce websites more secure with Ward, our state-of-the-art Web Application Firewall, Intrusion Detection System, and automatic security patch management solution. In addition to its core features, Ward customers benefit from our zero-day vulnerability research before the advisories are publicly released.

  • Security
  • PHP
  • WAF
  • IDS

Open Source Software Projects

Curated Application Security Reading List

A curated list of resources for learning about application security maintained by our team based on the recommendations of the security community.

  • Curated Reading List

Anti-CSRF

Full-Featured Library to prevent Cross-Site Request Forgery vulnerabilities.

  • Library
  • PHP

Certainty

Automated CACert.pem management for PHP projects, to promote a more secure Internet.

  • Library
  • PHP

Chronicle

Self-hostable microservice, built with Slim Framework, that provides a sapient API which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.

  • Micro-Service
  • PHP

Constant-Time Encoding

RFC 4648 compatible character encoding that doesn't ever use table look-ups indexed by secret data.

  • Library
  • PHP

CSP Builder

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programatically.

  • Library
  • PHP

CMS Airship

Secure-by-default PHP 7 content management system powered by libsodium.

  • CMS
  • PHP

Discretion

Microservice for "Contact Us" forms that GnuPG-encrypt all outgoing emails.

  • Micro-Service
  • PHP

EasyDB

PDO lacks brevity and simplicity; EasyDB makes separating data from instructions easy (and aesthetically pleasing). EasyDB was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

  • Library
  • PHP

EasyRSA

Simple and secure wrapper for phpseclib (uses defuse/php-encryption for symmetric-key encryption)

  • Library
  • PHP

Easy-ECC

Usability wrapper for PHPECC. Deterministic ECDSA and authenticated encryption.

  • Library
  • PHP

GPG-Mailer

Send PGP-encrypted and/or PGP-signed emails with Zend\Mail and Crypt_GPG in one simple interface.

  • Library
  • PHP

Halite

The power of libsodium, the simplicty of Paragon Initiative Enterprise engineering.

  • Library
  • PHP

HPKP Builder

Easily integrate HTTP Public-Key-Pinning in your PHP applications.

  • Library
  • PHP

Ionizer

Structured Input Filter with Strict Typing

  • Library
  • PHP

Multi-Factor

Vendor-Agnostic Two-Factor Authentication Library

  • Library
  • PHP

Password Lock

Hash then encrypt your customers' passwords.

This library was motivated by this blog post from security expert Anthony Ferrara.

  • Library
  • PHP

PASETO

Platform-Agnostic SEcurity TOkens.

  • Library
  • PHP

Pharaoh

Compare executable PHP Archives. Verifies builds are reproducible, stops malware.

  • Utility
  • PHP

Quill

A simple client for writing to a Chronicle instance.

  • Library
  • PHP

random_compat

PHP 5.x polyfill for random_bytes() and random_int(), which are simple interfaces for cryptographically secure random number generators added in PHP 7.0.0.

  • random_bytes(int) generates an arbitrary number of random bytes
  • random_int(int, int) returns a random integer between two given values (inclusive)

For more information, see random_bytes() and random_int() in the PHP manual.

  • Library
  • PHP

Sapient

Secure API toolkit. Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.).

  • Library
  • PHP

SeedSpring

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG)

  • Library
  • PHP

sodium_compat

Pure-PHP implementation of the cryptography features offered by libsodium

  • Library
  • PHP

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements