security - CloudFlare

DDoS Prevention: Protecting The Origin

Published on July 30th, 2013 9:20AM by Nick Sullivan.

One of the many great features that CloudFlare provides is protection from Distributed Denial of Service (DDoS) attacks. A malicious party who wants to make your website or web service unavailable could try to overwhelm it with requests from compromised machines (or bots) all around the world. With a large

Staying on top of TLS attacks

Published on July 12th, 2013 12:02AM by John Graham-Cumming.

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints. Broadly there are three ways we use TLS: to

App: GamaSec Web Application Security and Vulnerability Scanning

Published on December 22nd, 2012 12:19AM by Kristin Tarr.

We enjoy working with companies who share a focus on website security. When GamaSec, an online web vulnerability-assessment service, inquired about ways to integrate, we were excited to make their scanning service available as a CloudFlare app, where any CloudFlare customer can easily turn on GamaSec. GamaSec's cloud-based

OCSP Stapling: How CloudFlare Just Made SSL 30% Faster

Published on October 29th, 2012 5:54PM by Matthew Prince.

This week CloudFlare is announcing several things we're doing to significantly improve the performance of SSL. Too few sites are secured with SSL. One of the reasons sites don't implement SSL is that it can slow down web performance. One of the less frequently discussed, but

Keeping passwords safe by staying up to date

Published on June 17th, 2012 11:08PM by John Graham-Cumming.

(Image credit: jantik) Over the last few weeks a number of companies have seen their password databases leaked onto the web and found that despite having made some effort to protect them many of the passwords were easily uncovered. Unfortunately, the disclosure of password databases is an ugly reality of

The Four Critical Security Flaws that Resulted in Last Friday's Hack

Published on June 4th, 2012 11:02PM by Matthew Prince.

A core value CloudFlare is that security information should be shared between organizations to make the entire Internet safer. That is how CloudFlare's systems work: if one site is attacked, data about that attack is immediately shared with the rest of the network so other sites can be