Fastly Security Research Team
Building stronger security solutions through research.
Our approach and focus areas
The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.
Approach
Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.
Focus areas
Threat Intelligence
Adversary Emulation
Defensive Research
Community Empowerment
Explore our latest research
Read more researchBlog
Anatomy of a Command Injection: CVE-2021-25296(7,8) with Metasploit Module & Nuclei Template
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.Blog
Using Client Hints to Detect Disparities
Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect…Blog
Automating and Defending Nefarious Automation
If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential…Blog
The state of TLS fingerprinting: What’s Working, What Isn’t, and What’s Next
TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.Blog
Threat hunting network callbacks in WAF data
Threat hunting is the practice of looking for active attackers who have possibly penetrated security boundaries within an organization. WAF data can be a valuable resource in threat hunting…Blog
Spring has sprung: breaking down CVE-2022-22963 & Spring4Shell (CVE-2022-22965)
In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from this vulnerability.Blog
Open redirects: real-world abuse and recommendations [Examples]
Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you…Blog