source link: https://paragonie.com/blog/2017/10/securing-php-community-with-paragon-initiative-enterprises-hosted-services

Securing the PHP Community with Paragon Initiative Enterprises Hosted Services

October 31, 2017 8:32 pm by P.I.E. Staff

Last week, our security expert introduced Certainty, our CA-Cert automation library, which we designed to make disabled certificate validation an extinct vulnerability in the PHP ecosystem.

Most of our open source software projects have historically fallen into the local developer tools genre.

  • EasyDB wraps PDO and makes it more user-friendly and secure-by-default.
  • random_compat is a pure-PHP polyfill of the PHP 7 CSPRNG functions, allowing PHP 5-compatible open source projects to develop against the new random_bytes() / random_int() API without usability breaks.
  • sodium_compat is a pure-PHP polyfill of (most of) ext/sodium, allowing open source projects that support versions of PHP older than 7.2 to use the new libsodium features without usability breaks.

However, there has been an increasing need for security-oriented, self-hostable microservices. With that in mind, we'd like to introduce you to PIE-Hosted.com.

PIE-Hosted.com: Open Source Security-Oriented Microservices

Everything we host on PIE-Hosted.com, including the website itself, will be released to the public as open source software. Our guiding principle is that everything we provide on this namespace should be easy for most developers to self-host.

Some examples of projects we intend to host in the immediate future include:

  • Chronicle instances
    • The Chronicle instance for the PHP community is live
    • Several other Chronicle instances are planned, but not yet spun up
    • Client registration is not yet implemented in pie-hosted.com; until then, please contact our security team with your Public Key and the PHP project you represent, and we will respond with a Client ID as soon as we can
  • Discretion instances
    • Discretion is a microservice for GPG-encrypted "Contact Us" forms
    • Currently under development

As we become aware of more security pain-points that we can develop usable and robust solutions for, we will be adding to this suite of hosted microservices.

Thank You for Working With Us

None of our work to improve the security of the PHP ecosystem would be possible without the clients who have chosen to hire us to consult on security and application development matters since our company was founded in early 2015. We hope to continue to provide value to everyone who produces or consumes PHP software.

About the Author

P.I.E. Staff

Paragon Initiative Enterprises

Paragon Initiative Enterprises is a Florida-based company that provides software consulting, application development, code auditing, and security engineering services. We specialize in PHP Security and applied cryptography.

