Talk to an expertTry Fastly free

Security blog

Security blogSecurity advisoriesReport a security issueSecurity documentation
March 7

The Dept. of Know Live!: 4 highlights from Rinki Sethi’s chat on success in modern security

Former Twitter CISO Rinki Sethi joined hosts Kelly Shortridge and Bea Hughes on The Dept. of Know Live! to chat about what success in modern security means. In this blog post, Rinki shares…

March 4

Gain more control with custom response codes for the Fastly Next-Gen WAF

With the introduction of custom response codes, our edge cloud network can now pick up response codes from the Fastly Next-Gen WAF and take custom action at the edge — without the need to…

February 25

Countdown to The Dept. of Know Live!: a web app and API security speaker series that goes beyond fear mongering

The Dept. of Know Live! is a virtual speaker series designed to make you think differently about web app and API security. Each episode in March will feature a different guest for a 1…

February 8

With the launch of edge deployment, the Fastly Next-Gen WAF is first in the industry to offer a fully unified web app and API security solution

The Fastly Next-Gen WAF (powered by Signal Sciences) protects apps wherever they live: on-premises, in containers, in the cloud, and — as of today — at the edge. This makes it the industry’s…

January 31

Inside Fastly: a look at our vulnerability remediation process

In this post, we present a look at our vulnerability remediation and engineering team and how they were able to roll out a recent fix for a QUIC/H2O vulnerability in under two weeks.

January 20

Open redirects: real-world abuse and recommendations

Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you…

January 12

Exploring the security implications of GraphQL

There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and…

December 22

Behind the screens: 2021 in review

In this post, we’ll take a look back at the past year through the eyes of our edge cloud network to explore what we saw across new protocol adoption, security initiatives, network growth…

December 14

The WAF efficacy framework: measuring the effectiveness of your WAF

Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.

December 14

New data and insights into Log4Shell attacks (CVE-2021-44228 + CVE-2021-45046)

We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the…

December 10

Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j

CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.

December 9

30 years of the website: five lessons for building the next 30 years

The web’s infrastructure — and the applications we build on it — must constantly evolve to meet the ever-transforming expectations of modern and future end users. We’ve gathered five lessons…

Newer postsOlder posts