All Blog Posts
Thoughts and insights on technology and education
Encryption Decryption Tool
Building a custom dual-algorithm encryption tool using AES-GCM and RSA with Python and Docker, culminating in a hybrid encryption approach used in real-world systems like TLS and PGP.
Password Strength Analyzer
A Python-based password strength tool featuring entropy calculation, SHA-1 hashing, and real-time breach detection via the Have I Been Pwned API using k-Anonymity. Includes a responsive tkinter GUI with a live strength meter, color-coded scoring, and threaded API calls to keep the interface responsive.
Breaking Weak RSA: A Classic CTF Walkthrough
picoCTF Writeup: Rust Fixme 1 - Basic Syntax
Diving into Rust for the first time! Fixing basic compiler errors, missing semicolons, and learning print formatting to decrypt a picoCTF flag.
picoCTF Writeup: Rust Fixme 2 - Battling the Borrow Checker
Taking on Rust's notorious borrow checker. Learning how to properly pass mutable references (&mut) to functions to modify strings and capture the flag.
picoCTF Writeup: Rust Fixme 3 - Stepping into Unsafe Rust
Exploring Rust's memory safety features by working with raw pointers. Learning why and how to wrap code in 'unsafe' blocks to bypass compiler restrictions.
API Key vs OAuth 2.0 Access Token
A clear comparison of API Keys and OAuth 2.0 Access Tokens — what they are, how they work, and when to use each one.
OAuth 2.0 vs OpenID Connect (OIDC)
Understanding the key difference between OAuth 2.0 and OpenID Connect, and why OIDC should be used for authentication instead of raw OAuth.
The OWASP Top 10 (2025) & Why It Matters for Enterprise Security at WSO2
A comprehensive breakdown of the 2025 OWASP Top 10 web application security risks and their critical relevance to middleware and IAM providers like WSO2.
Authentication vs Authorization
Understanding the key differences between Authentication and Authorization, and how to implement them in web applications using JWTs, RBAC, and industry-standard protocols.