PHP Security & Web Cryptography
Paragon Initiative Enterprises
Software consulting and web development for businesses with attention to security above and beyond compliance.
Our Services » Get Secure and Resilient Business Solutions Today »
About Our Company
Paragon Initiative Enterprises is a team of technology consultants, website and app developers, and application security experts. We specialize in applied cryptography and PHP development.
Professional Services Offered
Paragon Initiative Enterprise's expertise in web development and application security can help you fulfill your vision for your business's future while ensuring the safety and security of your online presence.
Community Projects
From solving challenging security problems to reducing the cognitive load of proven security strategies, we actively contribute towards the betterment of our community, both online and offline.
What P.I.E. Can Do For You
Our company employs industry-leading experts on web application security and applied cryptography. We…
- Develop new software with a secure-by-default mindset
- Perform vulnerability assessments on your company's network and/or source code
- Coordinate with open source projects to make the Internet more secure
- Assist with data breaches and incident response
- Provide application hardening and security compliance consulting
…and offer many other related services. Our specialty is cryptographically secure PHP development.
Latest Blog Post
Accelerating The Adoption of Post-Quantum Cryptography
February 13, 2025 by P.I.E. Staff
In August, NIST published FIPS 203, FIPS 204, and FIPS 205, the first standards for Post-Quantum Cryptography (PQC).
Though we do not yet have a cryptography-relevant quantum computer, it is important to begin adopting algorithms that will continue to be secure after one has been built in the future. NIST prioritized PQC to give the technology industry adequate time to migrate their cryptography. This decision was partly informed by the failure of NSA and NIST to migrate everyone off RSA and towards Elliptic Curve Cryptography, even years after they published Suite B.
As W3Techs has reported over the years, the majority of websites on the Internet whose server-side language is detectable are powered by PHP. It stands to reason that making these algorithms available to the PHP community could make an enormous difference in the adoption of Post-Quantum Cryptography.
The Latest From Our Security Team
Latest Security Advisory
There are several instances where data pulled from $_POST (i.e. inside a foreach loop) is passed directly to unserialize(). As a consequence, SMF is vulnerable to PHP Object Injection and possibly remote code execution.
Latest Code Audit Report
Paragon Initiative Enterprises conducted a comprehensive code review of the JPaseto libraary and discovered one medium-severity vulnerability, which was promptly fixed.