Introducing Tripod: an Open Source Machine Learning Tool

The Human Element and Security Awareness

Automating Secure Firewall Change Requests

Secure Product Lifecycle (SPLC)

Connect with us

Automating Secure Firewall Change Requests

Click here to read this article.

Security Automation

Adobe Receives 2020 CSO50 Award from IDG’S CSO

Click here to read this article.

In the News

Updating our Technical Security Training and Advancement Program

Click here to read this article.

Secure Product Lifecycle (SPLC)

A Data-Driven Blueprint to Scaling Cloud Operations Security (Part 2 of 2)

Click here to read this article.

Security Automation

A Data-Driven Blueprint to Scaling Cloud Operations Security (Part 1 of 2)

Click here to read this article.

Security Automation

Sharpening Technical Skills at the Adobe Security Mini Summit

Click here to read this article.

Community

MAVLink: Helping to Improve Our Cloud Services Hygiene

Click here to read this article.

Security Automation

Growing Our Security Champions

Click here to read this article.

Secure Product Lifecycle (SPLC)

Leveraging Security Headers for Better Web App Security

Modern browsers support quite a few HTTP headers that provide an additional layer in any defense-in-depth strategy. If present in an HTTP response, these headers enable compatible browsers to enforce certain security properties.

OWASP, IR, ML, and Internal Bug Bounties

A few weeks ago, I traveled to the OWASP Summit located just outside of London. The OWASP Summit is not a conference. It is a remote offsite event for OWASP leaders and the community to brain storm on how to improve OWASP. 

Lessons Learned from Improving Transport Layer Security (TLS) at Adobe

Transport Layer Security (TLS) is the foundation of security on the internet. As our team evolved from primarily consultative role to solve problems for the entire company, we chose TLS as one of the areas to improve.

Getting Secrets Out of Source Code

Secrets are valuable information targeted by attackers to get access to your system and data. Secrets can be encryption keys, passwords, private keys, AWS secrets, Oauth tokens, JWT tokens, Slack tokens, API secrets, and so on.

Developing an Amazon Web Services (AWS) Security Standard

Adobe has an established footprint on Amazon Web Services (AWS).  It started in 2008 with Managed Services, and expanded greatly with the launch of Creative Cloud in 2012 and the migration of Business Catalyst to AWS in 2013.

Evolving an Application Security Team

A centralized application security team, similar to ours here at Adobe, can be the key to driving the security vision of the company. It helps implement the Secure Product Lifecycle (SPLC) and provide security expertise within the organization.