Defend against credential stuffing attacks with proof of work
With attackers using publicly available lists of compromised passwords in an attempt to steal accounts, proof of work is a good way to slow the attackers down.
Defend against credential stuffing attacks with proof of work
With attackers using publicly available lists of compromised passwords in an attempt to steal accounts, proof of work is a good way to slow the attackers down.
Trust at scale: Introducing Platform TLS and Subscriber Provided Prefix
Today we’re announcing two new offerings on the Fastly platform: Platform TLS and Subscriber Provided Prefix. Both empower companies to provide fast, secure web experiences to their customers and end-users, while reducing the workload on…
Fastly's Response to SegmentSmack
A remotely exploitable denial-of-service (DoS) attack against the Linux kernel, called SegmentSmack, was made public on August 6th, 2018 as CVE-2018-5390. Fastly was made aware of this vulnerability prior to that date through a responsible…
Introducing Quick Value Packages
Keeping your digital presence continuously tuned, optimized, and secure to align with changing business and technical requirements can be time consuming. That’s why we’ve put together our Quick Value Packages — a collection of expert…
Building the WAF test harness
To help our customers secure their sites and applications — while continuing to give their users reliable online experiences — we’ve built a performant, highly configurable, and comprehensive Web Application Firewall (WAF). In order to…
DDoS attacks: how to protect + mitigate
In part one of this series, we took a look at the evolving DDoS landscape, offering a sense of what’s out there in terms of attack size and type to help better inform decisions when…
Requiring TLS 1.2 for the Fastly API & control panel
As part of our vision for defending the modern web, the Fastly engineering teams are focused on providing you with a robust and secure platform that empowers you to protect your customers. Because we’re committed…
Videos from part 3 of our Security Speaker Series
On October 26, we hosted an evening of drinks, snacks, and an excellent security discussion with the security research and engineering communities. Folks gathered at Bespoke Central Lounge in downtown San Francisco to hear from…
The evolving DDoS landscape
As an edge cloud platform, Fastly is in a unique position to monitor DDoS attack patterns and trends as they evolve. In this post, Jose Nazario, Sr. Director of Security Research, and Ryan Landry, Director…
Security Speaker Series, part 3
We’re pleased to announce the next installment of our Security Speaker Series, which brings together researchers and engineers to share research, tools, and ideas. Join us for drinks, snacks, and a few hours of excellent…
Building the Fastly WAF
In keeping with our security team’s vision for defending the modern web, we launched our Web Application Firewall (WAF) to help our customers secure their sites and applications while providing reliable online experiences for their…
Deliberate practice in information security
Deliberate practice is the act of performing a set of tasks that are just slightly more difficult than what you’re used to, so you can get better at a specific activity and move from a…
The problem with patching in addressing IoT vulnerabilities
We need technology to provide capabilities to tackle the challenge of the cybersecurity gaps, recently highlighted by the WannaCry attacks. In this post, Director of Security Research Jose Nazario will explore these challenges as well…
How to bootstrap self-service continuous fuzzing
OSS-Fuzz is an innovative project that is both advancing the state of the art in OSS security engineering and immediately improving the overall quality of the software that serves the internet. In this blog post,…
The IoT industry’s response to emerging threats
Late last year, we took a look at how the Internet of Things (IoT) is under attack. We analyzed hundreds of individual IoT devices to see how often they were probed for vulnerabilities, with the…
Phase two of our TLS 1.0 and 1.1 deprecation plan
In February of last year we updated you on our plans to deprecate TLS 1.0 and 1.1 due to a mandate by the PCI Security Standards Council as well as our continued commitment to maintaining…
The anatomy of an IoT botnet attack
We took a look at some of the more recent (and troubling) threats on the internet, and found that the emerging IoT market is under attack. Internet-connected devices are being churned out of factories and…
Forward secrecy and a reminder about Fastly security advisories
We publish our security advisories to address vulnerabilities discovered on our own platform, as well as significant security vulnerabilities that affect the wider internet community.
Lean Threat Intelligence, Part 4: Batch alerting
In Part 3, we showcased a technology that allows you to route messages to and from topics via Kafka. Now that data is flowing, how can you start monitoring and reacting to security events? In…
Best practices for protecting your domain
We continuously work on making the edge more secure, and develop features you can leverage to protect your applications. However, in order for you to benefit from these investments, there are steps you should take…