Ongoing Research

Click here to read this article.

Click here to read this article.

As a developer who works mainly on the defensive side of the software security battle, it's easy to lose sight of the difference in com...

A hallmark of an engaged team is continuous learning and improvement. And this is no different for a SOC (Security Operations Center) t...

Email has always been a tool of choice cybercriminals.  By capitalizing on an established company’s brand reputation, they can send ...

Modern browsers support quite a few HTTP headers that provide an additional layer in any defense-in-depth strategy. If present in an HT...

A few weeks ago, I traveled to the OWASP Summit located just outside of London. The OWASP Summit is not a conference. It is a remote of...

Transport Layer Security (TLS) is the foundation of security on the internet. As our team evolved from primarily consultative role to s...

Secrets are valuable information targeted by attackers to get access to your system and data. Secrets can be encryption keys, passwords...

Adobe has an established footprint on Amazon Web Services (AWS).  It started in 2008 with Managed Services, and expanded greatly with ...

A centralized application security team, similar to ours here at Adobe, can be the key to driving the security vision of the company. I...

If you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4 with ECDH-ES please update to the latest version. RFC 7516 aka J...

Hacker Village was introduced at Adobe Tech Summit in 2015. The Hacker Village was designed to provide hands-on, interactive learning a...

In previous blogs [1],[2], we discussed alternatives for creating a large-scale automation framework if you don’t have the resources ...