• Miggo Research Findings: Identified over 15,000 potentially impacted applications using AWS ALB with a critical configuration-based vulnerability (ALBeast) affecting authentication. Discovered on April 6th and reported to AWS, collaborating since. AWS updated authentication feature docs on May 1st and July 19th.
• Attacker Exploitation: Animation shows how attacker creates own ALB with configured auth, signs token, alters config, and bypasses auth and authorization using forged token against victim's app.
• Mitigation: Follow two config requirements - verify token signer and restrict targets to accept only from ALB. AWS updated docs to reflect these.
• Shared Responsibility Model: Divides security between AWS and customers. For ALBeast, customers responsible for ensuring app compliance with updated docs.
• Distributed Architecture Challenges: Microservice architecture creates new security challenges as it delegates responsibilities. Security teams need to ensure correct implementation across apps but it complicates trust model.
• Detection and Response: Traditional security tools are blind to app inner workings during runtime. Miggo's ADR platform offers real-time insights and context-aware analysis to detect security issues like ALBeast and attacks.