Fastly Security Research Team
Building stronger security solutions through research.
Our approach and focus areas
The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform our customers about emerging threats and defend them from those threats.
Approach
Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.
Focus areas
Threat Intelligence
Adversary Emulation
Defensive Research
Community Empowerment
Explore our latest research
Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023
Back to Basics: OS Command Injection
What is an OS Command Injection? In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Anatomy of a Command Injection: CVE-2021-25296(7,8) with Metasploit Module & Nuclei Template
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.
Using Client Hints to Detect Disparities
Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect…
Automating and Defending Nefarious Automation
If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential…