Security blog

December 1

To create more secure and resilient web experiences, we must design, build, and execute applications with security top of mind, and consider how the lessons of the past 30 years inform how…

November 23

Many websites today are really applications, and we should be building them as such. To do that, we need application architectures and networks that are capable of supporting fast, secure…

November 17

As we look back to celebrate the 30th anniversary of the website, it’s also worth thinking about the next 30 years. There are a couple of areas where we — as engineers, developers, and…

November 11

Compute@Edge, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.

October 18

Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling…

October 7

The recent Apache HTTP Server vulnerability (CVE-2021-41773) is reportedly being exploited in the wild. Fastly already detects this vulnerability, but our next-gen WAF customers can also…

October 4

Organizations implementing DevOps practices often sacrifice security for speed, exposing them to potential threats. In reality though, many DevOps practices are already primed for security…

September 30

Forrester’s 2021 Annual State of Application Security Report stresses the need for updated application security tools that can be easily integrated into development plans and architecture.

September 13

Your organization may have operational and cultural roadblocks to overcome when it comes to integrating security and DevOps. These tips can help you ensure a smooth transition to more secure…

September 7

Many companies are still relying on legacy rules-based web application firewalls that can make scaling difficult and, in some cases, cause more problems than they solve with false positives…

September 3

Modern applications need modern security tools that include flexible deployment, DevOps support, and strong API protection. Here are the six most important characteristics of modern web app…

September 3

Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-202…