Fastly Security Research Team

Building stronger security solutions through research.

Our approach and focus areas

The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.


Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.

Focus areas

Threat Intelligence

Adversary Emulation

Defensive Research

Community Empowerment

Explore our latest research

Read more research


Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?


Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023


Back to Basics: OS Command Injection
What is an OS Command Injection? In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.


CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability


Anatomy of a Command Injection: CVE-2021-25296(7,8) with Metasploit Module & Nuclei Template
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.


Using Client Hints to Detect Disparities
Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect…


Automating and Defending Nefarious Automation
If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential…


The state of TLS fingerprinting: What’s Working, What Isn’t, and What’s Next
TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.

Frictionless security for every team.

Talk to an expertOr read more about Fastly Security