Security blog

September 3

Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-202…

August 10

Companies using an average of 11 web application and API security tools should be able to rest easy, but the vast majority of them report successful attacks are still getting through. These…

August 2

When we acquired Signal Sciences, we put a stake in the ground as a company that cares about the complete delivery path and making it not just resilient and performant, but inherently secure…

July 27

Today, we launched Fastly Secure packages, a unified web app and API security solution that provides “right-sized” protection for any organization at a spend level that works for a variety…

July 26

Here are four repeatable steps that will help you pay down your security technical debt, make your apps and APIs more secure, and move you toward consolidated security tooling.

July 22

As the internet landscape gets more complex, more API driven, and more distributed, many security and IT professionals are left wondering — why aren’t the security tools that were good…

July 12

We released a new report today in partnership with ESG Research that reveals some fascinating insights into the state of web application security tooling.

June 30

Requests passing through Fastly can be transformed in many ways. In this example, we’ll show you how to use enriched requests and our next-gen WAF to help you make more informed security…

June 29

Our new Response Security Service provides direct, 24/7 access to our Customer Security Operations Center to help you prepare for and respond when you suspect an attack.

June 25

After years of helping protect companies across a variety of industries, we’ve come to recognize four common risk attack types. Here’s how they work and how to counter them.

June 17

The legacy WAF isn’t ubiquitous because it’s the perfect technology. Its success comes down to being mandated, despite four ways it often fails.

June 16

While some bots are benign search engine crawlers or website health monitors, others are on the prowl with nefarious intent, looking to execute account takeovers and compromise APIs. In this…