Cybersecurity Asset Management, Attack surface mgmt, Security Research

Attack Surface Management, Monitoring, & Mapping – Jeff Foley – ESW #219

March 10, 2021

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

https://github.com/OWASP/Amass

https://owasp.org/www-project-amass/

https://vimeo.com/481985359 Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Attack Surface Management, Monitoring, & Mapping

Guests

Jeff Foley

Jeff Foley - Project Leader at OWASP

@jeff_foley

Jeff Foley’s industry experience has been focused on information security research & development in order to build and assess next generation solutions. He is the Project Leader for Amass, an OWASP (Open Web Application Security Project) Foundation flagship project that performs in-depth attack surface mapping and asset discovery. Jeff is an Adjunct Professor teaching Penetration Testing at the SUNY (State University of New York) Polytechnic Institute and a Principal Consultant at ClaritySec, Inc. Previously, he was the US Manager for Penetration Testing & Red Teaming at National Grid, a multinational electricity and gas utility company. Prior to this, Jeff served as a Principal Investigator of offensive cyber warfare research & development at Northrop Grumman Corporation, an American global aerospace and defense technology company. In his spare time, Jeff enjoys experimenting with new blends of coffee, automating security tasks, and giving back to the information security community.

Hosts

Adrian Sanabria

Adrian Sanabria - Senior Research Engineer at CyberRisk Alliance

@sawaba

Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Paul Asadoorian

Paul Asadoorian - Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Tyler Shields

Tyler Shields - CMO at JupiterOne

@txs

Tyler advises, guides, and operates high tech startups primarily in the B2B security space. He is a former market analyst, engineer, product manager, marketing leader, and partnership manager. In other words, Tyler builds and grows businesses - in all aspects. He's a board advisor, angel investor, and board member at multiple firms and an investment advisor for a venture debt business. He loves to play guitar and poker in his free time.

Announcements

Audio

prestitial ad