Fastly Security Research Team
Building stronger security solutions through research.
Our approach and focus areas
The Fastly Security Research team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community. We use research, analysis, and visibility across both our unique data and the overall threat landscape to inform our customers and defend them from emerging threats.
Fastly's Security Research Team is chartered to advance threat intelligence, adversary emulation, defensive research, and community empowerment. Our team focuses on continuously analyzing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers. Our understanding of threats works from multiple angles, including our own exploitation research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers.
Explore our latest research
Anatomy of a Command Injection: CVE-2021-25296(7,8) with Metasploit Module & Nuclei Template
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.

Using Client Hints to Detect Disparities
Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect…

Automating and Defending Nefarious Automation
If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential…

The state of TLS fingerprinting: What’s Working, What Isn’t, and What’s Next
TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.

Threat hunting network callbacks in WAF data
Threat hunting is the practice of looking for active attackers who have possibly penetrated security boundaries within an organization. WAF data can be a valuable resource in threat hunting…

Spring has sprung: breaking down CVE-2022-22963 & Spring4Shell (CVE-2022-22965)
In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from this vulnerability.

Open redirects: real-world abuse and recommendations [Examples]
Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you…