
Fastly Security Research Team

Fastly Security Research Team, Fastly

The Fastly Security Research Team focuses on ensuring that our customers have the tools and data they need to keep their systems secure. It analyzes and ultimately helps prevent attacks at Fastly scale. The team is made up of a group of security experts who work behind the scenes to help you stay ahead of a constantly evolving security landscape.


  • Threat hunting network callbacks in WAF data

    Fastly Security Research Team, Xavier Stevens

    Threat hunting is the practice of looking for active attackers who have possibly penetrated security boundaries within an organization. WAF data can be a valuable resource in threat hunting for network callbacks. Here’s how.

    Security
  • What is TLS Fingerprinting?

    Fastly Security Research Team, Xavier Stevens

    TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.

    Security
  • Automating and Defending Nefarious Automation

    Fastly Security Research Team, Simran Khalsa

    If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential stuffing, application DDoS, web form abuse, token guessing, and more.

    Security
  • Using Client Hints to Detect Disparities

    Fastly Security Research Team, Simran Khalsa

    Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect behavior disparities.

    DevOps
    + 2 more
  • Examining Chrome's TLS ClientHello Permutation

    Jonathan Foote, Arun Kumar, + 2 more

    On January 20th, Chrome shipped an update that changed the profile of one of the most popular TLS client fingerprinting algorithms, JA3. In this short blog post we’ll describe the change and our observations across Fastly's network.

    Industry insights
    Security
  • Command Injection CVE-2021-25296: A Deep Dive

    Fastly Security Research Team, Matthew Mathur

    NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.

    Security
    Industry insights
  • CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability

    Fastly Security Research Team, Simran Khalsa, + 3 more

    What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability

    Security
  • Network Effect Threat Report: Uncovering the power of collective threat intelligence

    Fastly Security Research Team, Simran Khalsa, + 3 more

    Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023

    Security
    + 2 more
  • Back to Basics: Directory Traversal

    Fastly Security Research Team, Matthew Mathur

    In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?

    Security
  • CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25

    Fastly Security Research Team, Matthew Mathur

    We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.

    Security
  • Patch that Vuln! Identify, Triage, and Qualify CVEs

    Fastly Security Research Team, Simran Khalsa

    Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.

    Security
    + 2 more
  • WAF Simulator: Transforming DevSecOps Workflows

    Fastly Security Research Team, Simran Khalsa

    We're excited to announce Fastly's new WAF Simulator, which simplifies the testing process and provides the following key benefits.

    DevOps
    + 2 more
  • Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

    Fastly Security Research Team, Simran Khalsa, + 2 more

    We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.

    Security
    Industry insights
  • Back to Basics of Automated Attacks: Account Takeover

    Arun Kumar, Fastly Security Research Team

    Explore account takeover attacks and mitigations including modern authentication with 2FA/passkeys, and anti-bot measures to enhance account security.

    Security