Your PHP 5 code won't break, but your PHP 8.1+ code will be faster and cleaner| Paragon Initiative
A short summary of the work we've done to make the Internet more secure for everyone.| Paragon Initiative
Our project, Gossamer, is the best first step to solving supply chain security for the PHP ecosystem.| Paragon Initiative
How we plan to discourage insecure implementations of PASETO.| Paragon Initiative
PASERK adds public-key encryption, key-wrapping, key serialization, and unique key identification to PASETO.| Paragon Initiative
Announcing new versions of the PASETO protocol, which offer better arguments for security in a wider range of use cases.| Paragon Initiative
Introducing Ristretto255 for PHP developers| Paragon Initiative
Why versioned protocols are superior to "cipher agility"-based cryptographic designs.| Paragon Initiative
We'll be doing for JavaScript (Node.js) what we've been doing for PHP for several years now.| Paragon Initiative
Your webserver can initiate HTTP requests too, and securing those matters a lot.| Paragon Initiative
We wrote a cryptography library entirely in PHP to make your WordPress site secure against supply-chain attacks.| Paragon Initiative
A simple, accessible recommendation for key sizes and recommended algorithms for various cryptographic algorithms.| Paragon Initiative
CipherSweet is a PHP library that provides searchable encryption for the most common cases a web developer is likely to encounter.| Paragon Initiative
We have a lot of work ahead of us in 2019, and we hope it benefits the entire PHP community| Paragon Initiative
Paragon Initiative Enterprises answers several reader questions| Paragon Initiative
Slice of PIE is a new mini-series| Paragon Initiative
If you're planning on implementing the W3C and FIDO Alliance's new WebAuthn standard for hardware security token support, skip ECDAA for now.| Paragon Initiative
A brief overview of the various common use-cases of asymmetric cryptography (also known as "public-key cryptography") from the perspective of a software developer.| Paragon Initiative
A deep dive into preventing chosen-ciphertext (e.g. padding oracle) attacks against RSA in custom encrypted transport protocols.| Paragon Initiative
Our company's name was decided on March 14, 2015, which makes its birthday very easy to remember.| Paragon Initiative
Paseto (Platform-Agnostic Security Tokens) is everything JWT should be, but isn't (namely, secure)| Paragon Initiative
Let's solve application security at an ecosystem level by updating outdated and/or insecure blog posts to refer developers to better practices.| Paragon Initiative
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018| Paragon Initiative
How to build a homomorphic encryption scheme that is not vulnerable to chosen-ciphertext attacks, using blockchain-like protocols.| Paragon Initiative
Introducing PIE-Hosted Services to Help Further our Goals to Secure the Entire PHP Ecosystem| Paragon Initiative
Our new open source library, which keeps your Certificate Authority certificate bundle up-to-date.| Paragon Initiative
Recent events have put supply chain attacks against software updaters on everyone's radar. Scott explains what this means and what to do about it.| Paragon Initiative
How to build your own automatic update system that is verifiably secure.| Paragon Initiative
Ward is our latest security product, intended to help secure e-Commerce platforms.| Paragon Initiative
A reflection on the first six months of the year, ext/sodium landing in PHP 7.2, and where to go from here.| Paragon Initiative
With Chronicle, you probably don't need a blockchain to solve your problems anymore.| Paragon Initiative
How to use Sapient, our new Secure API Toolkit, to Harden your PHP 7 software.| Paragon Initiative
A quick comparison of libsodium functions with similar names/purposes, and which one to use for a specific use case| Paragon Initiative
Why your software product needs code audits (particularly with cryptography), and how we deliver a higher standard of service.| Paragon Initiative
How to implement field-level data encryption while still allowing fast queries.| Paragon Initiative
Application security has a checklist problem; we propose a better way forward.| Paragon Initiative
A deep dive into the security engineering decisions that went into CMS Airship. A lot of the decisions we made are subtle.| Paragon Initiative
A Brief Introduction to our Split Token Approach| Paragon Initiative
Your field guide to building secure cryptography features in PHP| Paragon Initiative
A lot of articles posted online that claim to be about PHP security are patently false and misleading.| Paragon Initiative
Our plan to make libsodium a core PHP extension and write a userland polyfill for PHP 5.2.4+| Paragon Initiative
The perils and pitfalls involved with implementing public-key encryption in a PHP project, and how to do it right.| Paragon Initiative
The secure-by-default open source CMS is about to split.| Paragon Initiative
How to quickly and effectively design a secure, custom cryptography protocol for your applications.| Paragon Initiative
Greatly improve the security of your software by making it automatically apply the latest security updates.| Paragon Initiative
How to implement a secure and robust "I forgot my password" system.| Paragon Initiative
An analysis of the deficits in the security features offered by WordPress, Drupal, and Joomla.| Paragon Initiative
CMS Airship is now available in the Amazon Web Services (AWS) Marketplace.| Paragon Initiative
A dissection of the misnomers and bad ideas used in cryptography products.| Paragon Initiative
How to set up the Caddy webserver to work with PHP 7 on Debian Jessie| Paragon Initiative
A quick guide to eliminating the common threats when developing PHP applications in 2016.| Paragon Initiative
Announcing the first release of CMS Airship, which establishes the new PHP security platinum standard of today and the gold standard of tomorrow.| Paragon Initiative
The case for character encoding that is safe to use to encode cryptographic secrets.| Paragon Initiative
This blog post will maintain the industry best practices for securely generating random data in Ruby, Node.js, Java, etc.| Paragon Initiative
Our contributions to defuse/php-encryption and how it affects future behavior| Paragon Initiative
A layman's introduction to using Halite, our libsodium wrapper| Paragon Initiative
A deep dive into the cryptography protocols that will secure your blog, should you choose to deploy CMS Airship.| Paragon Initiative
This is our promise to the community to support PHP 5 projects until EOL, and then no later.| Paragon Initiative
Deserializing a string into a data structure is a simple task riddled with security holes.| Paragon Initiative
The beta release for a secure-by-default CMS built by Paragon Initiative Enterprises| Paragon Initiative
The answer to a very frequently asked question that most people in the industry know without needing to read this.| Paragon Initiative
How to authenticate a user on multiple domains without violating the Same Origin Policy.| Paragon Initiative
A short meditation on the role of security engineering in software development| Paragon Initiative
Salted Password Hashing with Argon2, Scrypt, Bcrypt, and PBKDF2| Paragon Initiative
Or: How I won the password hashing category for the Underhanded Crypto Contest at DEFCON 23.| Paragon Initiative
A year-in-review blog post about our projects at Paragon Initiative Enterprises.| Paragon Initiative
Or: How I learned to stop worrying and love software exploitation.| Paragon Initiative
There are three forms of dishonesty: Lies, damned lies, and security trade-offs.| Paragon Initiative
If you're wondering which cryptography library you should use in your project, this should help make the decision easier.| Paragon Initiative
Preventing side-channel attacks (i.e. timing attacks on MAC validation) and dangerous compiler optimizations with a blinded comparison.| Paragon Initiative
The theory and practice of securing file upload form handlers. Our examples are in PHP, but many of the filesystem security concepts here are language agnostic.| Paragon Initiative
In version 4.4 and on, WordPress's random number generator function (wp_rand) will now be cryptographically secure.| Paragon Initiative
Don't just fix security vulnerabilities, prevent the habits that cause them in the first place.| Paragon Initiative
If you ever wondered the best way to encrypt a username or row ID for an obfuscated URL in PHP, this is the article for you.| Paragon Initiative
No matter what language you're developing in, there's really only one cryptography library that shines above the rest.| Paragon Initiative
With PHP 7 nearing its official release, let's reflect on the state of cryptography in PHP applications.| Paragon Initiative
We aren't satisfied with the industry's current attempts to teach the basic concepts of application security to software developers; instead, we propose a gentler model.| Paragon Initiative
A human-readable overview of commonly misused cryptography terms and fundamental concepts.| Paragon Initiative
Some useful things that can be built with a CSPRNG.| Paragon Initiative
A lesson on cryptographically secure pseudorandom number generators in PHP, and how to generate random integers and strings from a high quality entropy source like /dev/urandom to generate secure random passwords in PHP.| Paragon Initiative
What is the potential impact of a given vulnerability? This isn't easy to answer.| Paragon Initiative
Although Cross-Site Scripting is one of the most common vulnerabilities on the Internet, it remains an unsolved problem (unlike SQL Injection).| Paragon Initiative
There are a lot of ways having an online presence can be used against you, and the most basic security decisions are not technical.| Paragon Initiative
The first in a two-part series. We establish a mathematical definition for popularity within a given dataset and build some abuse resistance into the algorithm design.| Paragon Initiative
It's 2015; there's no excuse for writing code vulnerable to SQL Injection any more| Paragon Initiative
Alternative title: "Libmcrypt considered harmful." You should use libsodium if you can, or OpenSSL if you can't.| Paragon Initiative
We're maintaining a curated appsec reading list on GitHub -- check it out.| Paragon Initiative
A developer's short guide to encryption, authentication, and authenticated encryption with examples in PHP| Paragon Initiative
Login forms with a remember me checkbox are a common requirement. We explore the security of login forms and a robust model for remember me checkboxes.| Paragon Initiative
How to configure and use PHP's built-in session management system for maximum security.| Paragon Initiative
The official release of the PHAR auditing utility by Paragon Initiative.| Paragon Initiative
Secure code delivery is a hard problem; one which we aspire to solve.| paragonie.com
JWT, JWE, JWS, etc. are terrible designs and need to be scrapped, not resuscitated.| paragonie.com
Leveraging the ubiquity of the PHP programming language to make everyone more secure.| paragonie.com