Back to blog

Follow and Subscribe

Security

Page 12

  • 5 best practices for your TLS configuration

    Maria Espada

    The TLS Support Engineering team provides support for customers managing one to thousands of certificates. After helping so many customers tailor their DNS and TLS configurations, they have five best practices to recommend.

    Security

  • Prepare for DDoS attacks: 5 steps to take | Fastly

    Gino Lang

    Layer 7 attacks that target applications and issue requests that can swamp origin systems often seek to blend into other network traffic and require a more focused defense than Layer 3 and 4 attacks. Here are five best practices you can implement to help prepare for such attacks.

    Industry insights
    Security

  • Signal Sciences named Visionary in 2020 Magic Quadrant for Web Application Firewalls for second year | Fastly

    Kevin Rollinson

    We believe Signal Sciences’ innovation earned them recognition in the 2019 Gartner Magic Quadrant for WAF, and it’s this kind of innovation that excites us as we merge forces — now that Signal Sciences is part of Fastly.

    Product
    Security

  • Lessons Learned from Side-Channel Attacks

    Patrick McManus

    The largest category of difficult-to-anticipate security design weaknesses come from side-channel attacks. In this post, we take a tour of some of the more foundational and out-there side channel-related exploits that have afflicted the security conscious over the years.

    Industry insights
    Security

  • Fastly and Signal Sciences join forces

    Joshua Bixby, Andrew Peterson

    Today, Fastly completed the acquisition of Signal Sciences and took a giant step forward toward our vision of modern, unified web application and API security. We will call on our shared view of empowering developers as we chart a path toward building an incredibly secure, performant platform and unlock all-new possibilities, together.

    Company news
    Security

  • Web Application Firewall (WAF) Best Practices

    Liam Mayron

    Following WAF best practices is imperative to keep your business and customers secure. Learn about new regulations and security tips.

    Security

  • Incorrect Delivery of Partial Log

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On July 29th at 00:00 UTC, Fastly was notified by a customer (customer X) that a single log line intended for a different customer (customer Y) was received by customer X’s log system. Fastly promptly began to investigate and determined that when a complex series of conditions occur, a log line may be misrouted to an incorrect logging service. We were able to trace the root cause to an error in logic introduced by Fastly to improve performance in April 2012. This single report from one customer is the only instance that Fastly is aware of, where all necessary conditions aligned simultaneously in eight years.

    Security

  • Fastly to Acquire Signal Science for Security at Scale | Fastly

    Joshua Bixby

    Security has always been a part of Fastly’s DNA, not just within products, but in our vision of trust and safety as a modern platform. Today, we are pleased to announce that we have announced our intent to acquire Signal Sciences.

    Company news
    Security

  • Hard-earned insights from a pair of secure DevOps pros

    Liam Mayron

    Fastly CISO Mike Johnson and Brave Software Senior DevOps Engineer Ben Kero share their practical advice for cementing more holistic security practices within your CI/CD pipeline.

    DevOps
    + 2 more

  • Fastly Security Advisory: Cache Poisoning Vulnerability Leveraging X-Forwarded-Host Header

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    Fastly was notified of the issue on May 21, 2020 13:30 UTC. Fastly immediately launched an investigation, identifying which origin servers responded with a test port number in the redirect response, in order to understand the vulnerability and possible solutions. After the investigation, Fastly first notified potentially affected customers on July 15, 2020 at 04:30 UTC. The vulnerability is a variant of a [previously reported vulnerability](https://www.fastly.com/security-advisories/cache-poisoning-leveraging-various-x-headers), and ultimately the result of constructing cacheable origin responses based on user-defined data. The issue occurs when an attacker issues an HTTPS request and specifies within the Host header a port number that is not actually being used for any services. It is possible to cache a resource in such a way as to deny future requests from being serviced properly.

    Security

  • Cloud Security for Developers

    Stephen Kiel

    If you’re evaluating web application security tools exclusively for their security requirements, you may be missing one of the most essential opportunities to successfully grow your secure DevOps culture: developer-centricity.

    Security
    DevOps

  • Fastly’s security DNA: a look at our culture of safety, privacy, and trust

    Dana Wolf

    Fastly's heritage of security runs deep — far beyond our portfolio of web application and API security products. Our philosophy of developer empowerment, focus on community, and values-driven culture each contribute to our security DNA in an important way. And we'd like to tell you how.

    Security
    + 2 more

  • Why Compute does not yet support JavaScript

    Sean Leach

    Building our own compiler toolchain allows Compute to be both performant and secure. It also means we have to bring developers’ most-loved language into the fold in the right way.

    Performance
    + 3 more

  • TLS 1.3 is faster, more robust, and now available

    Sudhir Patamsetti

    TLS 1.3 is now available for Fastly customers. The newest version of the TLS protocol, TLS 1.3 is designed to improve the performance and security of traffic served over HTTPS.

    Security
    Performance

  • WAF & logging integrations added | Fastly

    Mandy Sparber, Patrick Francois

    Using integrations with BigQuery and Looker, we’ve created 15 chart templates that help you effectively monitor security events on your sites and applications, in real time.

    Security
    Observability

  • Three ways TLS 1.3 protects origin names

    Patrick McManus

    The newest version of Transport Layer Security, TLS 1.3, is faster, more robust, and more responsive than ever before. Explore three ways it will help HTTPS protect origin names for improved confidentiality.

    Security
    + 2 more

  • 5 tips for creating a secure DevOps culture

    Kevin Rollinson

    Integrating security into your DevOps cycle isn’t something that happens overnight. Here are five tips for building a culture in which secure DevOps can thrive, enabling your team to build secure apps quickly.

    Culture
    + 2 more

  • Preventing Server Side Request Forgery (SSRF)

    The Fastly Collective

    Learn about the technical details of SSRF, how it was utilized in the Capital One breach, why it’s so critical to understand for today’s cloud-hosted web apps, and how organizations can protect their web applications and APIs from such attacks.

    Security

  • TLS with Fastly is now easier and more flexible

    Blake Dournaee

    Fastly now offers two new TLS services for the trust, flexibility, and scalability customers need to bring the best of the internet to life.

    Security
    Product

  • Protecting WebSocket Protocol Apps and APIs with Fastly

    The Fastly Collective

    The 4.2 release of the Fastly agent introduces WebSocket traffic inspection, enabling customers to extend the coverage of applications, APIs, and microservices protected by Fastly’s Next-Gen WAF to apps and services that utilize the WebSockets protocol.

    Security
Fastly
© Fastly 2025