Fastly Security Research Team

Building stronger security solutions through research.

Our approach and focus areas

The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.


Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.

Focus areas

Threat Intelligence

Adversary Emulation

Defensive Research

Community Empowerment

Explore our latest research

Read more research


Detecting compromised passwords with HaveIBeenPwned and Fastly KV Store Integration
In this post, we will discuss a low latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.


Automating WAF Tests with Fastly’s WAF Simulator
Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.


Cyber 5 Threat Insights
To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.


WAF Simulator: Transforming DevSecOps Workflows
We're excited to announce Fastly's new WAF Simulator, which simplifies the testing process and provides the following key benefits.


Patch that Vuln! Identify, Triage, and Qualify CVEs
Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.


CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25
We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.


Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?


Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023

Frictionless security for every team.

Talk to an expertOr read more about Fastly Security