[Owasp-leaders] OWASP Tinyurl Service (Was Short url)

dinis cruz dinis.cruz at owasp.org
Tue Oct 12 10:19:17 EDT 2010


I think that this is a cool idea, that the OWASP Community should be
involved and that there is a need for such 'security focused' redirects
(note how Twitter and Bit.ly are trying to get into that space)

I'm not sure about the part were OWASP would running these services (i.e.
used in the real world), since that should be done by a 'commercially
focused' entity (with SLAs, backups, support, etc..). I think OWASP's role
should be on everything else BUT running the live service (think Ecosystem,
project, PoCs, rules of engagement, security reviews, etc...)

There was actually a PoC created a while back on this exact topic (including
a live example of it running) but I can't remember who did it (I think it
was implemented in Java??). I just tried to find it on my inbox(ex) and had
no luck, so are the involved parties on this list so that they can put my
memory to shame? (and point us to what has already been done)

Dinis Cruz


On 11 October 2010 16:33, Neil Matatall <neil at owasp.org> wrote:

> Would there be any interest in developing an OWASP tinyurl service?  It
> might be a good way to use the brand to promote security with the potential
> for damage if a nasty link gets through.
>
> There would have to be...
>
>    - an approval process (so there would be very few links actually
>    "endorsed")
>    - a review and alerting process in the case that a site gets
>    compromised
>    - an endorsement of the source by multiple members/leaders
>    - etc
>
> I think I just talked myself out of this but it could be useful and a way
> to get a little more brand recognition out there.  My vote would be that
> this is too cumbersome and the potential impact is a little too big for my
> comfort.  Nevertheless, I would like to discuss this if others are willing
> and interested.
>
> Neil
>
>
> On Mon, Oct 11, 2010 at 5:53 AM, Ferdinand Vroom <
> ferdinand.vroom at owasp.org> wrote:
>
>> Paulo,
>>
>> We would like to use a short url for our opsomming BeNeLux conference.
>> Preferrably, http://www.owasp.org/benelux.
>> Could you arrange for that?
>>
>> Greetings,
>>
>> Ferdinand
>> Netherlands Chapter
>>
>> 2010/10/9, Paulo Coimbra <paulo.coimbra at owasp.org>:
>> > Leaders,
>> >
>> >
>> >
>> > I am glad to announce I've just set a new project up - the OWASP Secure
>> Web
>> > Application Framework Manifesto, led by Rohit Sethi. Please welcome his
>> new
>> > OWASP initiative!
>> >
>> >
>> >
>> >
>> http://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manife
>> > sto#tab=Project_About
>> >
>> >
>> >
>> > http://www.owasp.org/index.php/User:Rksethi
>> >
>> >
>> >
>> > As always, your suggestions and contributions would be greatly
>> appreciated.
>> >
>> >
>> >
>> >
>> > In addition, this project already has a very mature release, OWASP
>> Secure
>> > Web Application Framework Manifesto/Version v0.08 - please glance at it.
>> >
>> >
>> >
>> >
>> http://www.owasp.org/index.php/Projects/OWASP_Secure_Web_Application_Framewo
>> > rk_Manifesto/Releases/Current
>> >
>> >
>> >
>> > If the project leader and his contributors ultimately decide to have
>> this
>> > release assessed as I am counting on, I will update you.
>> >
>> >
>> >
>> > Many thanks, regards,
>> >
>> >
>> >
>> > Paulo Coimbra,
>> >
>> >  <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
>> >
>> >
>> >
>> >
>>
>> --
>> Verzonden vanaf mijn mobiele apparaat
>>
>> Ferdinand Vroom
>> OWASP Dutch Chapter Board Member
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
>
> --
>
> Neil
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101012/92b3117c/attachment.html 


More information about the OWASP-Leaders mailing list