[Owasp-leaders] OWASP Tinyurl Service (Was Short url)

Michael V. Scovetta michael.scovetta at gmail.com
Tue Oct 12 12:29:06 EDT 2010


I started a project like this about a year ago, but haven't had much time to
go beyond the initial implementation. The idea was a security-oriented
TinyURL.

http://fo.ly/

Instead of being immediately redirected when you click on a fo.ly link, you
arrive at a landing page that contains information about the destination URL
(via links to third-party sites that scan for malicious content).

If OWASP is looking to get into the redirector business, I'd be happy to
donate the domain/code/database. Or really anything else. I'm not doing much
with it as is, and it basically runs itself. The site could really use some
sexing up (as you can probably tell, I'm not a UI guy).

Thanks--

Mike

On Tue, Oct 12, 2010 at 10:58 AM, Neil Matatall <neil at owasp.org> wrote:

> Great point Dinis.  I would be glad to develop/manage one but that would be
> a conflict of interest of course ;)
>
> Neil
>
>
> On Tue, Oct 12, 2010 at 7:19 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
>> I think that this is a cool idea, that the OWASP Community should be
>> involved and that there is a need for such 'security focused' redirects
>> (note how Twitter and Bit.ly are trying to get into that space)
>>
>> I'm not sure about the part were OWASP would running these services (i.e.
>> used in the real world), since that should be done by a 'commercially
>> focused' entity (with SLAs, backups, support, etc..). I think OWASP's role
>> should be on everything else BUT running the live service (think Ecosystem,
>> project, PoCs, rules of engagement, security reviews, etc...)
>>
>> There was actually a PoC created a while back on this exact topic
>> (including a live example of it running) but I can't remember who did it (I
>> think it was implemented in Java??). I just tried to find it on my inbox(ex)
>> and had no luck, so are the involved parties on this list so that they can
>> put my memory to shame? (and point us to what has already been done)
>>
>> Dinis Cruz
>>
>>
>>
>> On 11 October 2010 16:33, Neil Matatall <neil at owasp.org> wrote:
>>
>>> Would there be any interest in developing an OWASP tinyurl service?  It
>>> might be a good way to use the brand to promote security with the potential
>>> for damage if a nasty link gets through.
>>>
>>> There would have to be...
>>>
>>>    - an approval process (so there would be very few links actually
>>>    "endorsed")
>>>    - a review and alerting process in the case that a site gets
>>>    compromised
>>>    - an endorsement of the source by multiple members/leaders
>>>    - etc
>>>
>>> I think I just talked myself out of this but it could be useful and a way
>>> to get a little more brand recognition out there.  My vote would be that
>>> this is too cumbersome and the potential impact is a little too big for my
>>> comfort.  Nevertheless, I would like to discuss this if others are willing
>>> and interested.
>>>
>>> Neil
>>>
>>>
>>> On Mon, Oct 11, 2010 at 5:53 AM, Ferdinand Vroom <
>>> ferdinand.vroom at owasp.org> wrote:
>>>
>>>> Paulo,
>>>>
>>>> We would like to use a short url for our opsomming BeNeLux conference.
>>>> Preferrably, http://www.owasp.org/benelux.
>>>> Could you arrange for that?
>>>>
>>>> Greetings,
>>>>
>>>> Ferdinand
>>>> Netherlands Chapter
>>>>
>>>> 2010/10/9, Paulo Coimbra <paulo.coimbra at owasp.org>:
>>>> > Leaders,
>>>> >
>>>> >
>>>> >
>>>> > I am glad to announce I've just set a new project up - the OWASP
>>>> Secure Web
>>>> > Application Framework Manifesto, led by Rohit Sethi. Please welcome
>>>> his new
>>>> > OWASP initiative!
>>>> >
>>>> >
>>>> >
>>>> >
>>>> http://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manife
>>>> > sto#tab=Project_About
>>>> >
>>>> >
>>>> >
>>>> > http://www.owasp.org/index.php/User:Rksethi
>>>> >
>>>> >
>>>> >
>>>> > As always, your suggestions and contributions would be greatly
>>>> appreciated.
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > In addition, this project already has a very mature release, OWASP
>>>> Secure
>>>> > Web Application Framework Manifesto/Version v0.08 - please glance at
>>>> it.
>>>> >
>>>> >
>>>> >
>>>> >
>>>> http://www.owasp.org/index.php/Projects/OWASP_Secure_Web_Application_Framewo
>>>> > rk_Manifesto/Releases/Current
>>>> >
>>>> >
>>>> >
>>>> > If the project leader and his contributors ultimately decide to have
>>>> this
>>>> > release assessed as I am counting on, I will update you.
>>>> >
>>>> >
>>>> >
>>>> > Many thanks, regards,
>>>> >
>>>> >
>>>> >
>>>> > Paulo Coimbra,
>>>> >
>>>> >  <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
>>>> >
>>>> >
>>>> >
>>>> >
>>>>
>>>> --
>>>> Verzonden vanaf mijn mobiele apparaat
>>>>
>>>> Ferdinand Vroom
>>>> OWASP Dutch Chapter Board Member
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> --
>>>
>>> Neil
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
>
> --
>
> Neil
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
-[ Michael Scovetta ]-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101012/6dc47ee8/attachment.html 


More information about the OWASP-Leaders mailing list