encryption
Safeguard articles tagged "encryption" — guides, analysis, and best practices for software supply chain and application security.
24 articles
The AWS migration security checklist: IAM, encryption, and network segmentation
A misconfigured WAF and an over-permissioned IAM role exposed 106 million records in 2019 — here's the checklist that prevents a repeat during your AWS migration.
Symmetric vs asymmetric file encryption in Python, done correctly
AES-GCM needs a unique 96-bit nonce every single time — reuse one under the same key and GCM's authentication guarantee collapses entirely, not just confidentiality.
Symmetric vs Asymmetric Encryption in Python: A Practical Guide
One key or two? A working comparison of Fernet and RSA in Python's cryptography library — with the OAEP-vs-PKCS1v15 mistake that still causes padding-oracle bugs.
C# Cryptography Best Practices in .NET
The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.
Symmetric vs Asymmetric Encryption: What's the Difference?
Symmetric encryption uses one shared key for both locking and unlocking. Asymmetric encryption uses a key pair, one public and one private. One is fast; the other solves the key-sharing problem.
Encryption vs Hashing: What's the Difference?
Encryption scrambles data so it can be unscrambled later with a key. Hashing turns data into a fixed fingerprint that can never be reversed. One protects secrets; the other verifies them.
Kubernetes Secrets Management Done Right
A Kubernetes Secret is base64, not encryption — and by default it sits in etcd in plaintext. Here is how to actually protect credentials with encryption at rest, external secret stores, and tight RBAC.
OWASP A02: Cryptographic Failures — A Deep-Dive Guide
Cryptographic Failures rank #2 in the OWASP Top 10 (2021). A deep dive into weak algorithms, key management, real CVEs, and how to detect and fix them in 2026.
What Are Cryptographic Failures
Cryptographic failures are OWASP's #2 Top 10 risk — weak, missing, or broken encryption. See real breaches, causes, and how to detect and fix them.
What is Encryption
Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.
What is TLS/SSL
TLS/SSL encrypts data in transit, but outdated versions and unpatched libraries like Heartbleed-era OpenSSL still expose real risk today.
What is a VPN
A plain-English breakdown of what a VPN is, how it encrypts traffic, and why VPN gateways have become one of the most exploited attack surfaces in enterprise networks.