Security

Page 3

Inside Fastly: a look at our vulnerability remediation process

Sandra Escandor-O’Keefe

In this post, we present a look at our vulnerability remediation and engineering team and how they were able to roll out a recent fix for a QUIC/H2O vulnerability in under two weeks.

Engineering
Security

Open redirects: abuse & recs [Ex.] | Fastly

Fastly Security Research Team

Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you can do to prevent it.

Security

How to Secure your GraphQL

Fastly Security Research Team, Simran Khalsa

There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and controls can support a safer GraphQL implementation.

Engineering
Security

Fastly's 2021 in Review

David Belson

In this post, we’ll take a look back at the past year through the eyes of our edge cloud network to explore what we saw across new protocol adoption, security initiatives, network growth, and more.

Industry insights
4 more

Log4Shell attacks (CVE-2021-44228) insights | Fastly

Fastly Security Research Team, Xavier Stevens, 1 more

We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.

Industry insights
Security

WAF framework measures WAF effectiveness | Fastly

Fastly Security Research Team, Simran Khalsa, 1 more

Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.

Engineering
Security

Log4Shell exploit found in Log4j | Fastly

Fastly Security Research Team, Xavier Stevens, 1 more

CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.

Security
Engineering

30 Years of Web: Building for Tomorrow

Lee Chen

The web’s infrastructure — and the applications we build on it — must constantly evolve to meet the ever-transforming expectations of modern and future end users. We’ve gathered five lessons today’s builders can use to drive the next three decades of the web.

Industry insights
2 more

Grinch bots penalized w/ enriched security data & our edge cloud platform | Fastly

Brooks Cunningham

In this post, we’ll show how you can use information from an origin response to add an abuse IP address to our penalty box. We've been touting the promise of security at the edge, and this is just one example of what it can do.

Security
2 more

30 Years of Web: Securing Tomorrow

Mike Johnson

To create more secure and resilient web experiences, we must design, build, and execute applications with security top of mind, and consider how the lessons of the past 30 years inform how we think about the future of security.

Industry insights
Security

30 Years of Web: Future-Ready Apps

Jana Iyengar

Many websites today are really applications, and we should be building them as such. To do that, we need application architectures and networks that are capable of supporting fast, secure, and scalable user experiences. We must embrace a more dynamic mindset in how we approach web development and consider the tools we need to get there.

Industry insights
3 more

30 Years of Web: Future Demands

Davin Camara

As we look back to celebrate the 30th anniversary of the website, it’s also worth thinking about the next 30 years. There are a couple of areas where we — as engineers, developers, and builders in general — can champion innovation, mainly around architecture and security.

Industry insights
5 more

Subresource monitoring with Compute

Fastly Security Research Team

Compute, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.

Security
Compute

Preventing SSRF: Apache CVE-2021-40438 | Fastly

Fastly Security Research Team

Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling a new templated rule to prevent exploitation.

Engineering
Security

Protect against Apache vulnerability | Fastly

Fastly Security Research Team

The recent Apache HTTP Server vulnerability (CVE-2021-41773) is reportedly being exploited in the wild. Fastly already detects this vulnerability, but our next-gen WAF customers can also create a rule to block exploitation.

Security

DevOps Practices Primed to Combat Threats | Fastly

Brendon Macaraeg

Organizations implementing DevOps practices often sacrifice security for speed, exposing them to potential threats. In reality though, many DevOps practices are already primed for security initiatives.

Security
DevOps

The Importance of Securing Applications & Security in DevOps

Julie Rockett

Forrester’s 2021 Annual State of Application Security Report stresses the need for updated application security tools that can be easily integrated into development plans and architecture.

Security
DevOps

Integrating Security in DevOps

Brendon Macaraeg

Your organization may have operational and cultural roadblocks to overcome when it comes to integrating security and DevOps. These tips can help you ensure a smooth transition to more secure DevOps.

DevOps
Security

Legacy vs next-gen WAF: the differences matter

Brendon Macaraeg

Compare legacy versus next-gen WAFs to see what sets them apart. Determine if your company can benefit from a next-gen approach.

Security

6 essential features of modern web app & API security tools

Julie Rockett

Modern applications need modern security tools that include flexible deployment, DevOps support, and strong API protection. Here are the six most important characteristics of modern web app and API security tools.

Security