Abstract:
Today, organizations deal with the challenge of running their infrastructure across many networks and namespaces due to the use of cloud environments, hosting services, the use of third-parties, and acquisitions. This can make it difficult to maintain visibility of Internet-facing assets and to track down externally exposed systems that pose a risk to security. The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and external asset discovery. During this talk, the founder of the project will demonstrate how to use OWASP Amass and explain how attack surface management provides defenders with enhanced visibility to better protect organizations.
Bio:
Jeff Foley has 20 years of industry experience focused on applied research & development and assessment of security in critical information technology and infrastructure. He is the Project Leader for Amass, an OWASP (Open Web Application Security Project) Foundation Flagship Project that performs in-depth attack surface mapping and asset discovery. Previously, he was the Global Head of Attack Surface Management at Citi, one of the largest global banks - an institution connecting millions of people across hundreds of countries and cities. Prior to this, Jeff served as the Program Manager for Offensive Cyber Warfare Research & Development at Northrop Grumman Corporation, an American global aerospace and defense technology company. In his spare time, Jeff enjoys experimenting with new blends of coffee, spending time with his wife and four children, and giving back to the information security community.
- Speaker Twitter: / jeff_foley
- Speaker GitHub: github.com/caffix
- Project GitHub: github.com/OWASP/Amass