ZeroFox, an enterprise software-as-a-service provider in external cybersecurity, has contributed tools and a standards framework to the Open Web Application Security Project (OWASP) Amass Project.
The Amass Project aims to help businesses and government entities improve visibility into the full ecosystem of assets that makes up their external attack surface, ZeroFox stated.
Help Mapping the Attack Surface
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open-source information gathering and active reconnaissance techniques.
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of its projects, tools, documents, forums and chapters are free and open to anyone interested in improving application security.
ZeroFox identified a critical gap in the attack surface management landscape and led the development of the Open Asset Model and Asset Database within the OWASP Amass Project.
Jeff Foley, ZeroFox vice president of Research, commented on the company’s contribution:
"We are thrilled to contribute to the OWASP Amass Project and provide the security community with cutting-edge tools for Attack Surface Management. By leveraging the power of open source, we aim to expand access to advanced cybersecurity capabilities, helping organizations proactively defend against emerging threats."
External attack surface management refers to the process of identifying, analyzing and mitigating the vulnerabilities and risks associated with an organization's external-facing digital assets. These assets include websites, applications and network infrastructure. (via Cycognito)
What ZeroFox Offers
Here are some highlights of ZeroFox’s contributions:
- The Open Asset Model and Asset Database contributions offer security analysts a unified and structured approach to identifying and managing potential vulnerabilities outside the perimeter.
- The Open Asset Model provides a new standard for asset definitions, representing a comprehensive framework for describing and categorizing diverse internet-facing assets.
- The Amass community can quickly adapt the model to include new types of assets exposed on the internet, and their relationships to each other, for more accurate discovery, tracking, monitoring and management.
- The Asset Database implements this model, offering the database interaction layer to store discovered assets in the popular sqlite3 and PostgreSQL database management systems.
- The Asset Database will foster the development of an ecosystem of scanning and analysis tools, allowing them to store and analyze assets from the Open Asset Model and their relationships.
- The new standards now provide the information security community with a consistent and predictable format when transferring data describing external attack surfaces.