You appear to be offline. Some site functionality may not work.
Sign Up

Fastly Blog

Security

TLS 1.2-only delivery is now available

Earlier this year we updated you on our revised deprecation plan for TLS 1.0 and 1.1. We’re happy to announce that you can now request migration to TLS 1.2-only hosts if you’ve purchased a paid…

Announcing Limited Availability for HTTP/2

As promised in March of this year, we are excited to announce that our HTTP/2 Limited Availability (LA) program is here. Here’s how you get started.

Recapping our second Fastly Security Speaker Series

On May 25, we had over 50 security researchers and engineers from the Bay Area and beyond in our San Francisco office for our recurring Fastly Security Speaker Series. This event focused on hardware security,…

Announcing the second edition of the Fastly Security Speaker Series!

In February, our Chief Security Officer Window Snyder announced the Fastly Security Speaker Series, which we created to share cutting edge security topics with the wider community. We hosted over 50 security researchers and engineers...

Lean Threat Intelligence Part 2: The foundation

In part 1, I discussed the general workflow the Threat Intelligence team at Fastly uses to plan for projects. After performing research and seeing what others have done in this space, we can now move…

How college security competitions help us build great security teams

Building a great team is one of the most difficult challenges security managers encounter. Luckily, there are a few initiatives that make things easier on us, including the Information Security Talent Search (ISTS) at the…

Recap of the Fastly Security Speaker Series

On February 25, we hosted 50+ security researchers and engineers from the Bay Area and beyond in our San Francisco office for the first event in the Fastly Security Speaker Series. This event brought together…

Lean Threat Intelligence, Part 1: The plan

Fastly Security Researcher Zack Allen discusses how you can draw from open source resources to build a lean and powerful Threat Intelligence plan for your organization.

Introducing Fastly Security Advisories

Today we’re announcing Fastly Security Advisories. Fastly will publish these to address security concerns that either trigger customer interest or require customer action to address.

Introducing the Fastly Security Speaker Series

Today we’re announcing the Fastly Security Speaker Series, an informal event for bringing together researchers and engineers to share research, tools, and ideas. Fastly will bring some of the most innovative and thoughtful security researchers…

Update to our TLS 1.0 and 1.1 deprecation plan

Last October, we announced our deprecation plan for TLS 1.0 and 1.1. The PCI Security Standards has since updated their guidance, and we are revising our deprecation schedule accordingly.

Securing online transactions: announcing our plan for TLS 1.0 and 1.1 deprecation

The PCI DSS 3.1 standard has changed. In order to keep you up-to-date and secure online, we’re announcing our plan for TLS 1.0 and 1.1 deprecation.

Engineering a more resilient internet

Fastly Director of Security Engineering Maarten Van Horenbeeck shares his experiences of how the security community can protect the “global commons” that the internet has become.

GitHub’s Joe Williams discusses mitigating security threats

At Fastly Altitude 2015, Joe Williams, a computer operator at GitHub, gave a talk on mitigating security threats (like DDoS attacks) with a CDN. This post is an overview of his talk, with full video…

How to fuzz a server with American Fuzzy Lop

In this blog post, I’ll describe how to use AFL’s experimental persistent mode to blow the doors off of a server without having to make major modifications to the server’s codebase. I’ve used this technique…

FREAK does not affect Fastly services

Fastly is not vulnerable to Logjam — we only offer the more secure Elliptic Curve variant of the Diffie-Hellman key exchange (ECDHE), and the RSA key exchange mechanism for clients that don’t support ECDHE. Since…

Improving visibility into CA operation with Certificate Transparency

If you follow the security news cycle, you may have seen recent discussions about Google detecting a Certificate Authority (CA) in China improperly issuing certificates capable of transparently (that is, without warning) imitating Google...

Addressing the challenges of TLS, revocation, and OCSP

Rotation, expiration, and revocation of secrets are all important concerns that require careful and difficult up-front design. Transport Layer Security (TLS), the protocol underlying secure web traffic (HTTPS), is one of the cryptographic systems with…

March 19 OpenSSL Security Advisory

Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global release of the updated software across Fastly’s network….

TLS at the edge and server-side security

We’re huge fans of Transport Layer Security (TLS) at Fastly. Here’s a behind-the-scenes look at how we do encryption at the edge, which can also serve as overall best practices for handling server-side...