Fastly Security Research Team
Building stronger security solutions through research.
Our approach and focus areas
The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.
Approach
Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.
Focus areas
Threat Intelligence
Adversary Emulation
Defensive Research
Community Empowerment
Explore our latest research
Detecting compromised passwords with HaveIBeenPwned and Fastly KV Store Integration
In this post, we will discuss a low-latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.
Automating WAF Tests with Fastly’s WAF Simulator
Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.
Cyber 5 Threat Insights
To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.
WAF Simulator: Transforming DevSecOps Workflows
We're excited to announce Fastly's new WAF Simulator, which simplifies the testing process and provides the following key benefits.
Patch that Vuln! Identify, Triage, and Qualify CVEs
Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.
CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25
We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?