Follow and Subscribe

Fastly Security Research Team

January 12, 2022
There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and…
December 14, 2021
Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.
December 14, 2021
We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the…
December 10, 2021
CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.
November 11, 2021
Compute@Edge, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.
October 18, 2021
Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling…
October 7, 2021
The recent Apache HTTP Server vulnerability (CVE-2021-41773) is reportedly being exploited in the wild. Fastly already detects this vulnerability, but our next-gen WAF customers can also…
September 3, 2021
Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-202…
March 11, 2021
Fastly’s security research team has built and deployed a rule to protect Signal Sciences Next-Gen WAF customers against the recently announced Microsoft Exchange Server vulnerabilities.