Back to blog

Follow and Subscribe

Security

Page 9

  • Dept. of Know Live: Sounil Yu on DIE security model | Fastly

    Sounil Yu

    JupiterOne CISO and Head of Research Sounil Yu joined hosts Kelly Shortridge and Bea Hughes on The Dept. of Know Live! to chat about how to make security an enabler of innovation. In this blog post, Sounil shares highlights from the conversation.

    Security

  • Defense-in-Depth Security for Web Apps | Fastly

    Matt Torrisi

    While there’s no magic answer to stop all cyberattacks, there are a number of principles used in a defense-in-depth strategy that can be put in place ahead of a possible attack to limit its impact.

    Security

  • Dept. of Know Live! 4 highlights from Rinki Sethi's chat on modern security | Fastly

    Rinki Sethi

    Former Twitter CISO Rinki Sethi joined hosts Kelly Shortridge and Bea Hughes on The Dept. of Know Live! to chat about what success in modern security means. In this blog post, Rinki shares four highlights from the conversation.

    Security

  • Custom response codes for Fastly WAF | Fastly

    Blake Dournaee

    With the introduction of custom response codes, our edge cloud network can now pick up response codes from the Fastly Next-Gen WAF and take custom action at the edge — without the need to create advanced rules. That means more customized, more efficient security for our customers.

    Security
    Compute

  • The Dept. of Know Live! web app & API sec. speaker series | Fastly

    Christina Nguyen

    The Dept. of Know Live! is a virtual speaker series designed to make you think differently about web app and API security. Each episode in March will feature a different guest for a 15-minute interview on some of the hottest topics in security today, followed by a live Q&A. Here’s what to expect.

    Security

  • With the launch of edge deployment, the Fastly Next-Gen WAF is first in the industry to offer a fully unified web app and API security solution

    Sean Leach

    The Fastly Next-Gen WAF (powered by Signal Sciences) protects apps wherever they live: on-premises, in containers, in the cloud, and — as of today — at the edge. This makes it the industry’s first and only unified WAF.

    Security

  • Inside Fastly: a look at our vulnerability remediation process

    Sandra Escandor-O’Keefe

    In this post, we present a look at our vulnerability remediation and engineering team and how they were able to roll out a recent fix for a QUIC/H2O vulnerability in under two weeks.

    Engineering
    Security

  • Open redirects: abuse & recs [Ex.] | Fastly

    Fastly Security Research Team

    Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you can do to prevent it.

    Security

  • How to Secure your GraphQL

    Fastly Security Research Team, Simran Khalsa

    There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and controls can support a safer GraphQL implementation.

    Engineering
    Security

  • Fastly's 2021 in Review

    David Belson

    In this post, we’ll take a look back at the past year through the eyes of our edge cloud network to explore what we saw across new protocol adoption, security initiatives, network growth, and more.

    Industry insights
    + 4 more

  • Log4Shell attacks (CVE-2021-44228) insights | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.

    Industry insights
    Security

  • WAF framework measures WAF effectiveness | Fastly

    Fastly Security Research Team, Simran Khalsa, + 1 more

    Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.

    Engineering
    Security

  • Log4Shell exploit found in Log4j | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.

    Security
    Engineering

  • 30 Years of Web: Building for Tomorrow

    Lee Chen

    The web’s infrastructure — and the applications we build on it — must constantly evolve to meet the ever-transforming expectations of modern and future end users. We’ve gathered five lessons today’s builders can use to drive the next three decades of the web.

    Industry insights
    + 2 more

  • Grinch bots penalized w/ enriched security data & our edge cloud platform | Fastly

    Brooks Cunningham

    In this post, we’ll show how you can use information from an origin response to add an abuse IP address to our penalty box. We've been touting the promise of security at the edge, and this is just one example of what it can do.

    Security
    + 2 more

  • 30 Years of Web: Securing Tomorrow

    Mike Johnson

    To create more secure and resilient web experiences, we must design, build, and execute applications with security top of mind, and consider how the lessons of the past 30 years inform how we think about the future of security.

    Industry insights
    Security

  • 30 Years of Web: Future-Ready Apps

    Jana Iyengar

    Many websites today are really applications, and we should be building them as such. To do that, we need application architectures and networks that are capable of supporting fast, secure, and scalable user experiences. We must embrace a more dynamic mindset in how we approach web development and consider the tools we need to get there.

    Industry insights
    + 3 more

  • 30 Years of Web: Future Demands

    Davin Camara

    As we look back to celebrate the 30th anniversary of the website, it’s also worth thinking about the next 30 years. There are a couple of areas where we — as engineers, developers, and builders in general — can champion innovation, mainly around architecture and security.

    Industry insights
    + 5 more

  • Subresource monitoring with Compute

    Fastly Security Research Team

    Compute, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.

    Security
    Compute

  • Preventing SSRF: Apache CVE-2021-40438 | Fastly

    Fastly Security Research Team

    Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling a new templated rule to prevent exploitation.

    Engineering
    Security
Fastly
© Fastly 2025