My Terrible Roommates - Discovering the FlowFixation Vulnerability and the Risks of Sharing a Cloud Domain

Discover the FlowFixation vulnerability and explore the risks of sharing cloud domains in this 17-minute conference talk from BSidesLV. Delve into the potential prevention of impactful web vulnerabilities and learn about a "secret" guardrail for bug reporting and vulnerability triage. Examine a common cloud provider default configuration that poses risks similar to JavaScript execution on victim subdomains in on-premises environments. Gain insights into the public suffix list (PSL) as a lesser-known safeguard and explore case studies of significant cloud vulnerabilities. Investigate the FlowFixation vulnerability affecting AWS Managed Workflows for Apache Airflow (MWAA), which could lead to user session hijacking and potential remote code execution. Join speaker Liv Matan for this eye-opening presentation on cloud security challenges and solutions.