The security researchers delivering the latest insights

The Fastly Security Research Team uses research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.

Focus areas

Building stronger solutions through research

The Fastly Security Research Team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community.

Threat Intelligence

We identify industry trends and emerging threats to proactively secure Fastly customers against threats.
Vulnerability research

We uncover the specifics of vulnerabilities and their impact; examining proof of concepts, reverse-engineering exploits from patches, and discovering new vulnerabilities.
Community support

We create content and tools to help the community navigate the current application security landscape and key threats within.
Early Detection

We monitor the macro-security environment for novel attacks and ensure security teams are aware and protected.
Trend analysis

We examine attack data to spotlight shifts in adversary dynamics.
Product Innovation

We create and evaluate new technologies to inform product innovation.

Demistifying the latest threats

New 0/N-day threats, CVEs, and much more are thrust into the industry more frequently than ever before. Keep your team appraised with our latest analysis:

Read our security reports

Threat Insights Reports
Stay ahead of cyber threats with expert analysis on the latest application security trends and insights.
Read the report
ToolShell Remote Code Execution in Microsoft SharePoint: CVE-2025-53770 & CVE-2025-53771
Read the blog
CVE-2025-29927: Authorization Bypass in Next.js
A critical Next.js Vulnerability (CVE-2025-29927) lets attackers bypass authorization. Protect your applications now.
Read more

Empowering secure practices

Security postures must regularly evolve to mitigate sophisticated attackers. Streamline your DevSecOps processes with features and best practices we’ve helped develop:

How to Protect Against Credential Stuffing
In this post, we will discuss a low latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.
Read more
Detection as Code with Fastly's WAF Simulator
Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.
Read more
Patch that Vuln! Identify, Triage, and Qualify CVEs
Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.
Read more

Educating the community

Customers leverage Fastly’s security products with varying levels of knowledge. Enhance your expertise with details on key concepts and trends:

What is HTTP Request Smuggling?
HTTP request smuggling is a vulnerability that arises from inconsistencies within HTTP request parsing between multiple devices.
Read more
What is directory traversal
Directory traversal, or path traversal, is a web application vulnerability that enables attackers to access unintended files on an underlying filesystem.
Read more
Cyber 5 Threat Insights
To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.
Read more

The security researchers delivering the latest insights

Threat Intelligence

Vulnerability research

Community support

Early Detection

Trend analysis

Product Innovation