Introducing Amass v4.0 and the OAM: A Conversation with Jeff Foley

Introducing Amass v4.0 and the OAM: A Conversation with Jeff Foley

08/01/2023 | Phillip Wylie |

About The Guest

Jeff Foley is a security researcher and the Vice President of Research for ZeroFOX. He is also the project leader for OWASP Amass, a project focused on external cybersecurity. Jeff has a strong background in computer science and has been involved in the information security industry for many years.

Summary

In this episode, Jeff Foley discusses the evolution of OWASP Amass, a project he leads that focuses on external cybersecurity. He explains how he got started in information security and coding, and how his passion for automation led him to create Amass. Jeff also introduces the Open Asset Model (OAM), a new data model that allows users to represent and analyze the data collected by Amass. He highlights the importance of having visibility on one's attack surface and the need for a unified format to communicate about exposed assets on the internet. Jeff shares his plans for the future of Amass, including expanding the taxonomy and collection capabilities, and involving the community in the development process.

Key Takeaway

  • OWASP Amass is a project focused on external cybersecurity and provides visibility on exposed assets on the internet.
  • The Open Asset Model (OAM) is a new data model introduced in Amass version 4.0, which allows users to represent and analyze the collected data in a unified format.
  • The OAM aims to create a standard and unified way of communicating about attack surfaces and to make it easier for users to understand and analyze the data.
  • Amass is evolving to include more asset types and relationships, and the team is developing a collection engine to keep up with the expanding taxonomy.
  • The project welcomes contributions from the community and encourages users to get involved and provide feedback.

Quotes

  • “You can't be protecting things if you don't know they're there.” – Jeff Foley
  • “The Open Asset Model is about creating a standard and unified way of communicating about exposed assets on the internet.” – Jeff Foley

Socials and resources

– Twitter: @jeff_foley

– Amass Twitter: @owaspamass

– GitHub: https://github.com/caffix

– Amass GitHub: https://github.com/owasp-amass

– Mastodon: @[email protected]

– Amass Mastodon: @[email protected]

– LinkedIn: https://www.linkedin.com/in/caffix/

– OWASP Amass: https://owasp.org/www-project-amass/

– Amass Discord: https://discord.gg/HNePVyX3cp

Podcast: Play in new window | Download