Security blog

December 14, 2021
Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.
December 14, 2021
We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the…
December 10, 2021
CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.
December 9, 2021
The web’s infrastructure — and the applications we build on it — must constantly evolve to meet the ever-transforming expectations of modern and future end users. We’ve gathered five lessons…
December 7, 2021
In this post, we’ll show how you can use information from an origin response to add an abuse IP address to our penalty box. We've been touting the promise of security at the edge, and this…
December 1, 2021
To create more secure and resilient web experiences, we must design, build, and execute applications with security top of mind, and consider how the lessons of the past 30 years inform how…
November 23, 2021
Many websites today are really applications, and we should be building them as such. To do that, we need application architectures and networks that are capable of supporting fast, secure…
November 17, 2021
As we look back to celebrate the 30th anniversary of the website, it’s also worth thinking about the next 30 years. There are a couple of areas where we — as engineers, developers, and…
November 11, 2021
Compute, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.
October 18, 2021
Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling…
October 7, 2021
The recent Apache HTTP Server vulnerability (CVE-2021-41773) is reportedly being exploited in the wild. Fastly already detects this vulnerability, but our next-gen WAF customers can also…
October 4, 2021
Organizations implementing DevOps practices often sacrifice security for speed, exposing them to potential threats. In reality though, many DevOps practices are already primed for security…

Ready to get started?

Get in touch or create an account.