Justin Le is the founder and editor of ToolSec. He builds the site's tools and writes its guides and research, with a focus on making practical security, networking and DevOps knowledge fast to use and easy to understand.
He started ToolSec to solve a recurring frustration: online utilities that are slow, cluttered with ads, or — worst of all — quietly send your data to a server. Every ToolSec tool runs entirely in your browser, and every tool page explains the concept behind it, so you don't just get an answer, you understand it.
Connect on LinkedIn to share feedback, corrections, or ideas for new tools.
Areas of focus
Network & IPCryptography & encodingPasswords & authenticationDevOps toolingSecurity & compliance
Research by Justin Le
- How Many CVEs Are Published Each Year? The Vulnerability Explosion Vulnerability disclosures hit a record 48,185 in 2025 — roughly 133 a day. The year-by-year numbers, why the curve is bending upward, and what it means for defenders.
- IPv6 Adoption in 2026: The Year It Crossed 50% In March 2026, IPv6 quietly hit a milestone: for the first time, the majority of Google's traffic ran over IPv6. Here's what the data shows — and why sources disagree.
- How Long Does It Take to Crack a Password? (2026 Data) A computed brute-force time table by password length and character set — showing exactly why length beats complexity. Transparent, reproducible model.
Guides by Justin Le
- What Is a Subnet? CIDR Notation Explained
- What Is a JWT and How Does It Work?
- Bcrypt vs SHA-256: Why You Don't Hash Passwords with SHA
- How to Create a Strong Password (and Why Length Wins)
- What Is Base64 Encoding? (And Why It's Not Encryption)
- HMAC Explained: How Webhook Signatures Work
- Unix Timestamps Explained: Epoch, Seconds vs Milliseconds
- 301 vs 302 Redirects: Which to Use (and Why It Matters for SEO)
- IPv4 vs IPv6: What's the Difference?
- MD5 vs SHA-1 vs SHA-256: Which Hash Should You Use?
- Cron Syntax Cheat Sheet: How to Read Cron Expressions
- What Is a UUID? v4 vs v7 Explained
- URL Encoding Explained (Percent-Encoding)
- JSON vs YAML: When to Use Each
- Regex Basics: A Beginner's Guide to Regular Expressions
- What Is HTTP Basic Authentication?
- What Is an API Key? (And How to Keep It Secret)
- Hexadecimal Explained: Why Programmers Use Hex
- What Is GDPR? Fines and Compliance Basics
- What Is Ransomware? How Attacks Work and What They Cost
- What Is a Hash Function?
- What Is an IP Address?
- What Is Two-Factor Authentication (2FA)?
- Subnetting Cheat Sheet: CIDR, Masks & Host Counts
- Encoding vs Encryption vs Hashing: What's the Difference?
- What Is a Data Breach? Causes, Costs and Response
- JWT vs Session Cookies: Which Auth Should You Use?
- What Is a Salt in Password Hashing?
- What Is the CSV Format? Delimiters, Quoting & Pitfalls
- HMAC vs Digital Signatures: What's the Difference?
- How Binary Works: Binary Numbers Explained
- Security ROI: How to Justify a Security Budget