Security
-
Fastly/Signal Sciences: one year update | Fastly
Dana Wolf
When we acquired Signal Sciences, we put a stake in the ground as a company that cares about the complete delivery path and making it not just resilient and performant, but inherently secure as well. Here’s our update on that mission.
Company news, + 3 more -
Introducing right-sized web app and API protection packages
Brendon Macaraeg
Today, we launched Fastly Secure packages, a unified web app and API security solution that provides “right-sized” protection for any organization at a spend level that works for a variety of budgets.
Product, Security -
4 Steps to Centralized Security Tooling
Sean Leach
Here are four repeatable steps that will help you pay down your security technical debt, make your apps and APIs more secure, and move you toward consolidated security tooling.
Industry insights, Security -
Why don’t your security tools work anymore?
Sean Leach
As the internet landscape gets more complex, more API driven, and more distributed, many security and IT professionals are left wondering — why aren’t the security tools that were good enough a few years ago good enough now?
Industry insights, Security -
0-100 mph: Boosting App Security
The Fastly Collective
How to accelerate your WAF visibility from 0 to 100 mph
Security -
New research shows security tooling is at a tipping point
Brendon Macaraeg
We released a new report today in partnership with ESG Research that reveals some fascinating insights into the state of web application security tooling.
Security -
Request enrichment helps identify user data | Fastly
Brooks Cunningham
Requests passing through Fastly can be transformed in many ways. In this example, we’ll show you how to use enriched requests and our next-gen WAF to help you make more informed security decisions.
Product, Security -
Introducing Response Security Service
Kevin Rollinson
Our new Response Security Service provides direct, 24/7 access to our Customer Security Operations Center to help you prepare for and respond when you suspect an attack.
Security -
How to recognize and repel four high-risk attack types
Brendon Macaraeg
After years of helping protect companies across a variety of industries, we’ve come to recognize four common risk attack types. Here’s how they work and how to counter them.
Security -
4 Ways Legacy WAF Fails to Protect Your Apps
Liz Hurder
The legacy WAF isn’t ubiquitous because it’s the perfect technology. Its success comes down to being mandated, despite four ways it often fails.
Security -
Suggestive signals: how to tell good bot traffic from bad
Brendon Macaraeg
While some bots are benign search engine crawlers or website health monitors, others are on the prowl with nefarious intent, looking to execute account takeovers and compromise APIs. In this post, we’ll look at how to tell them apart in order to allow the good bots and block the bad ones.
Security -
Cranelift vetted for secure sandboxing in Compute@Edge | Fastly
Pat Hickey, Chris Fallin, + 1 more
Alongside the Bytecode Alliance, Fastly’s WebAssembly team recently led a rigorous security assessment of Cranelift, an open-source, next-generation code generator for use in WebAssembly to provide sandbox security functionality.
Industry insights, + 3 more -
Answers to your top Kubernetes security questions
Brendon Macaraeg
As Kubernetes has become widespread for container orchestration needs, it’s natural for security questions to arise. Here are answers to the Kubernetes questions we hear most often.
Security -
Memory flaw in Cranelift module
Fastly Security Research Team
The bug identified in the Cranelift x64 backend performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, the x64 compiler relies on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB.
Security -
Prevent Wasm Compiler Bugs Early | Fastly
iximeow, Chris Fallin
We recently discovered a compiler bug in part of the WebAssembly compiler that we use for Compute@Edge, that could have allowed a WebAssembly module to access memory outside of its sandboxed heap. But because of the people, processes, and tools we have in place, the bug was caught and patched on our infrastructure before it was exploited.
Security, WebAssembly -
More is less: stop adding to your security tool technical debt
Brendon Macaraeg
Throwing new security tools at new threats results in scattershot protection and builds technical debt. Organizations need uniform protection for applications and APIs, regardless of where they live.
Security -
API and ATO Security Challenge Addressed | Fastly
Brendon Macaraeg
New Fastly next-gen WAF dashboards surface security telemetry from more than 20 new signals for advanced attack scenarios, such as account takeover, credit card validation, and password reset.
Security, Observability -
Fastly and Okta partner to lock down layer 7
Sean Leach
Layer 7 is a primary battleground for web application and API security. Fastly and Okta have partnered together to share threat intelligence, so security and development teams can better protect their systems.
Security, Company news -
Building Security Mindset in Engineering
Kevin Rollinson
Explore how leaders from both sides of the aisle have built thriving secure DevOps cultures by putting trust in people first.
Security, DevOps -
You asked, we delivered: Terraform support for TLS is here
Joe Hoffend, Sudhir Patamsetti
Teams can now automate their Fastly TLS workflows through Terraform — including issuing certificates, retrieving TLS details, and performing other updates.
Security, Product