Simran Khalsa
Staff Security Researcher
Simran is a Staff Security Researcher at Fastly where he focuses on threat intelligence, vulnerability research, and product innovation. He enjoys researching novel attack techniques and fortifying technology to prevent real-world web attacks. He has spent his career on both the offensive and defensive sides of the industry in both public and private sectors with an emphasis on building modern security solutions.
-
Smarter Security Operations: Embracing Detection-as-Code
Simran Khalsa, Gary Harrison, + 1 more
Modernize security with Detection-as-Code. Learn how to automate threat detection & response using DevSecOps & tools like Fastly's WAF Simulator.
DevOps+ 2 more
-
Security Without Speed Bumps: Why a WAF Simulator Transforms DevSecOps Workflows
Daniel Corbett, Liam Mayron, + 1 more
Learn about Fastly's WAF Simulator and how it transforms DevSecOps workflows by enabling integrated, continuous, and automated security testing.
DevOps+ 2 more
-
DDoS in December
Simran Khalsa, David King, + 1 more
Discover the latest trends and actionable insights on application DDoS attacks in December 2024. Strengthen your security with our expert analysis and guidance.
SecurityIndustry insights
-
Detection as Code with Fastly's WAF Simulator
Simran Khalsa, Fastly Security Research Team
Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.
DevOps+ 3 more -
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
Fastly Security Research Team, Simran Khalsa, + 2 more
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
SecurityIndustry insights -
Cyber 5 Threat Insights
Simran Khalsa, Charlie Bricknell, + 1 more
To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.
Industry insights+ 2 more -
WAF Simulator: Transforming DevSecOps Workflows
Fastly Security Research Team, Simran Khalsa
We're excited to announce Fastly's new WAF Simulator, which simplifies the testing process and provides the following key benefits.
DevOps+ 2 more -
Patch that Vuln! Identify, Triage, and Qualify CVEs
Fastly Security Research Team, Simran Khalsa
Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.
Security+ 2 more -
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Fastly Security Research Team, Simran Khalsa, + 3 more
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023
Security+ 2 more -
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Fastly Security Research Team, Simran Khalsa, + 3 more
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Security -
Using Client Hints to Detect Disparities
Fastly Security Research Team, Simran Khalsa
Learn how User-Agent Client Hints work, explore privacy-related features and concerns, and how the partial adoption and incompleteness of this emerging standard can be used to detect behavior disparities.
DevOps+ 2 more -
Automating and Defending Nefarious Automation
Fastly Security Research Team, Simran Khalsa
If your application is on the internet, chances are it has been subjected to nefarious automation. These events can include many different attacks – including content scraping, credential stuffing, application DDoS, web form abuse, token guessing, and more.
Security -
Spring: CVE-2022-22963 & Spring4Shell (CVE-2022-22965) | Fastly
Fastly Security Research Team, Xavier Stevens, + 1 more
In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from this vulnerability.
Security -
How to Secure your GraphQL
Fastly Security Research Team, Simran Khalsa
There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and controls can support a safer GraphQL implementation.
EngineeringSecurity -
WAF framework measures WAF effectiveness | Fastly
Fastly Security Research Team, Simran Khalsa, + 1 more
Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.
EngineeringSecurity -
Log4Shell attacks (CVE-2021-44228) insights | Fastly
Fastly Security Research Team, Xavier Stevens, + 1 more
We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.
Industry insightsSecurity -
Log4Shell exploit found in Log4j | Fastly
Fastly Security Research Team, Xavier Stevens, + 1 more
CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.
SecurityEngineering -
Atlassian Confluence OGNL Injection Vulnerability Protection | Fastly
Fastly Security Research Team, Xavier Stevens, + 1 more
Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-2021-26084.
Security -
Next-Gen WAF for Microsoft Exchange | Fastly
Fastly Security Research Team, Xavier Stevens, + 1 more
Fastly’s security research team has built and deployed a rule to protect Signal Sciences Next-Gen WAF customers against the recently announced Microsoft Exchange Server vulnerabilities.
ProductSecurity
