Introducing the Adobe Common Controls Framework (CCF) version 2.0

MAVLink: Helping to Improve Our Cloud Services Hygiene

Help Avoid DNS Takeovers

Ongoing Research

Connect with us

Help Avoid DNS Takeovers

Click here to read this article.

Ongoing Research

Better Security Hygiene for Containers

Click here to read this article.

Security Automation

The OSCP Gauntlet

As a developer who works mainly on the defensive side of the software security battle, it's easy to lose sight of the difference in com...

Adobe & Splunk CTF Competition

A hallmark of an engaged team is continuous learning and improvement. And this is no different for a SOC (Security Operations Center) t...

How Adobe Helps Protect You from Email Phishing

Email has always been a tool of choice cybercriminals.  By capitalizing on an established company’s brand reputation, they can send ...

Leveraging Security Headers for Better Web App Security

Modern browsers support quite a few HTTP headers that provide an additional layer in any defense-in-depth strategy. If present in an HT...

OWASP, IR, ML, and Internal Bug Bounties

A few weeks ago, I traveled to the OWASP Summit located just outside of London. The OWASP Summit is not a conference. It is a remote of...

Lessons Learned from Improving Transport Layer Security (TLS) at Adobe

Transport Layer Security (TLS) is the foundation of security on the internet. As our team evolved from primarily consultative role to s...

Getting Secrets Out of Source Code

Secrets are valuable information targeted by attackers to get access to your system and data. Secrets can be encryption keys, passwords...

Developing an Amazon Web Services (AWS) Security Standard

Adobe has an established footprint on Amazon Web Services (AWS).  It started in 2008 with Managed Services, and expanded greatly with ...

Evolving an Application Security Team

A centralized application security team, similar to ours here at Adobe, can be the key to driving the security vision of the company. I...

Critical Vulnerability Uncovered in JSON Encryption

If you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4 with ECDH-ES please update to the latest version. RFC 7516 aka J...

Building Better Security Takes a Village

Hacker Village was introduced at Adobe Tech Summit in 2015. The Hacker Village was designed to provide hands-on, interactive learning a...

Security Automation Part III: The Adobe Security Automation Framework

In previous blogs [1],[2], we discussed alternatives for creating a large-scale automation framework if you don’t have the resources ...