Cloudflare Blog: Security

Making Content Security Policies (CSPs) easy with Page Shield

September 15, 2023 2:00PM

We just deployed a number of updates to our Client-Side Security Product: Page Shield. As of today we support all major CSP directives, better suggestions, better violation reporting, Page Shield specific user role permissions, and domain insights...

Michael Tremante

Application Security Report: Q2 2023

August 21, 2023 3:15PM

Cloudflare Radar Security WAF Bots DDoS

We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...

An August reading list about online security and 2023 attacks landscape

August 21, 2023 2:00PM

Reading List Security Attacks DDoS Ransom Attack

Here is a reading list with 2023 trends, what you need to know about attacks, and a guide on how to stay protected using Cloudflare...

João Tomé

Introducing per hostname TLS settings — security fit to your needs

August 09, 2023 2:00PM

Security SSL TLS Product News

Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...

Dina Kozlov

Unmasking the top exploited vulnerabilities of 2022

August 04, 2023 7:29PM

WAF Security CISA Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022....

July 25, 2023 1:47AM

How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”

The Google Information Security Team revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data processed in the CPU,...

By

Hardware , Security , Vulnerabilities

July 11, 2023 2:00PM

Bring your own CA for client certificate validation with API Shield

API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application....

By

Dina Kozlov

API Shield , Mutual TLS , SSL , TLS , Security

June 08, 2023 3:00PM

Cloudflare Area 1 earns SOC 2 report

Many customers want assurance that the sensitive information they send to us can be kept safe. One of the best ways to provide this assurance is a SOC 2 Type II report...

By

Samuel Vieira
, Paul East

Security , Compliance , Certification , Area 1 Security , Cloudflare Area 1

June 06, 2023 2:00PM

Examining HTTP/3 usage one year on

With the HTTP/3 RFC celebrating its 1st birthday, we examined HTTP version usage trends between May 2022 - May 2023. We found that HTTP/3 usage by browsers continued to grow, but that search engine and social media bots continued to effectively ignore the latest version of the web’s core protocol...

By

David Belson
, Lucas Pardue

QUIC , Speed & Reliability , Security , IETF

May 18, 2023 2:00PM

Announcing Cloudflare Secrets Store

Introducing Secrets Store by Cloudflare - the ultimate solution for managing your application secrets securely. Safeguard sensitive information, track access, and maintain ease of use....

By

Dina Kozlov

Developer Week , Developers , Cloudflare Workers , Security

May 18, 2023 2:00PM

How to secure Generative AI applications

Earn best practices for securing generative AI applications based on Cloudflare's experience protecting some of the largest AI applications in the world...

By

Reid Tatoris

Developer Week , Developers , Security , AI , API Security

April 25, 2023 2:07PM

SLP: a new DDoS amplification vector in the wild

Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...

By

Alex Forster
, Omer Yoachimik

CVE , Vulnerabilities , DDoS , Attacks , Mitigation

April 21, 2023 2:00PM

Why I joined Cloudflare as Chief Security Officer

As someone who is passionate about technology, security, and its potential to improve our lives, I knew that I wanted to work for a company that shared those values....

By

Grant Bourzikas

Life @ Cloudflare , Careers , CISO , Security

April 20, 2023 2:44PM

Secure by default: recommendations from the CISA’s newest guide, and how Cloudflare follows these principles to keep you secure

In this post we’ll review some of the authors’ recommendations, discuss how Cloudflare applies these principles to the products that we build, and provide some suggestions on what other organizations can do to support similar initiatives internally...

By

Patrick R. Donahue
, Ed Conolly

Secure by Design , Secure by Default , CISA , Security