Security Learning Hub

MD5 was once the gold standard for cryptographic hashing. Today it's considered cryptographically broken for security use — but it's still everywhere. Here's why, and what to use instead.

JSON Web Tokens are everywhere in modern web authentication — but most developers use them without understanding what's inside. This guide decodes the mystery.

HTTPS and SSL/TLS are synonymous with web security — but most people don't know what they actually protect against, or more importantly, what they don't protect against.

Why can't you just SHA-256 a password? Understanding the difference between hashing for data integrity versus hashing for password storage is critical for any developer.

Base64-encoded strings look like gibberish — but they're trivially decodable. Understand the difference between encoding, encryption, and hashing.

What makes a vulnerability Critical vs High vs Medium? Learn how the CVSS scoring system works and how to use it to prioritize your patch management.