Comparisons

Symmetric vs asymmetric encryption—how they differ and how modern systems use both together.

Understand the difference between Base64 encoding and URL encoding, when to use each, and common mistakes developers make.

Understand the difference between SHA-256 hashing and HMAC-SHA256, when to use each, and how they relate to integrity and authentication.

Symmetric uses one shared key; asymmetric uses a public/private key pair. Learn how each works, when to use AES vs RSA, and why modern systems use both.

MD5 is fast but cryptographically broken. SHA-256 is the current standard. Compare output size, collision resistance, speed, and when to use each.

Compare bcrypt, Argon2id, and PBKDF2 for secure password storage. Understand work factors, memory hardness, GPU resistance, FIPS compliance, and which to use today.

AES-GCM provides authenticated encryption (AEAD) and is mandated by TLS 1.3. AES-CBC provides confidentiality only and is vulnerable to padding oracle attacks. Compare modes, security risks, and use cases.

ECC achieves equivalent security to RSA with dramatically smaller keys — a 256-bit ECC key matches a 3072-bit RSA key. Compare performance, signature size, key sizes, and when to use each in TLS, JWT, and SSH.

API keys are simple and easy to revoke; JWTs are stateless and carry embedded claims. Compare their trade-offs and learn which to use for your use case.

JWTs are stateless and self-contained; session cookies require server-side storage but offer easy revocation. Compare trade-offs and learn which to choose for your auth system.

API keys are simple opaque credentials suited for server-to-server calls; OAuth delegates user authorization without sharing passwords. Compare use cases, complexity trade-offs, and migration considerations.

OAuth 2.0 handles authorization (access tokens); OIDC adds authentication (ID tokens, user identity) on top. Understand when you need both and the implementation mistakes that mix them up.

JSON is lightweight and maps to objects natively; XML adds namespaces, schemas, and document structure. Compare verbosity, validation, streaming, and real-world use cases to pick the right format.

CSV is simpler and better for tabular data; JSON handles nested structures and is the standard for APIs. Compare verbosity, schema support, tooling, and real-world use cases.

CSV is plain text and universally portable; Excel (.xlsx) adds data types, formatting, multiple sheets, and formulas. Compare file size, automation compatibility, and use cases for analytics, pipelines, and human editing.

YAML supports comments, multi-line strings, and cleaner syntax for human-authored configs. JSON is stricter, universally supported, and the standard for APIs. Compare structure, tooling, validation, and failure modes.

HTTPS is HTTP over TLS — it adds encryption, server authentication, and data integrity. Learn why HTTPS is the baseline for all web traffic, what it does and does not protect, how it affects performance, and common migration mistakes.

DNS routing resolves domain names to IP addresses before a connection is made. HTTP routing directs requests to backends based on path, hostname, or headers after the connection is established. Most production systems use both together.

Understand how reverse proxies and load balancers differ in purpose, layer, and usage — with a comparison table and typical modern architecture.

Webhooks push events to your server in real time; polling pulls data on a schedule. Compare efficiency, reliability, complexity, and use cases to choose the right integration pattern for your SaaS.

REST is simple and cacheable; GraphQL eliminates over-fetching with precise queries. Compare flexibility, caching, complexity, and real-world use cases.

Webhooks push events to an external HTTP endpoint in real time; message queues buffer events internally for reliable async processing. Compare delivery model, retry behavior, ordering, failure recovery, and use cases.

Webhooks push HTTP callbacks to a single endpoint; event streaming platforms (Kafka, Kinesis, Pub/Sub) persist events in a durable log for multiple consumers. Compare delivery model, ordering, fan-out, replay, and complexity.