[Owasp-leaders] OWASP Tinyurl Service (Was Short url)

Neil Matatall neil at owasp.org
Tue Oct 12 12:32:07 EDT 2010


Have to throw this in even if it is somewhat missing the point of this
particular conversation: http://news.ycombinator.com/item?id=1763431
<http://news.ycombinator.com/item?id=1763431>

On Tue, Oct 12, 2010 at 9:29 AM, Michael V. Scovetta <
michael.scovetta at gmail.com> wrote:

> I started a project like this about a year ago, but haven't had much time
> to go beyond the initial implementation. The idea was a security-oriented
> TinyURL.
>
> http://fo.ly/
>
> Instead of being immediately redirected when you click on a fo.ly link,
> you arrive at a landing page that contains information about the destination
> URL (via links to third-party sites that scan for malicious content).
>
> If OWASP is looking to get into the redirector business, I'd be happy to
> donate the domain/code/database. Or really anything else. I'm not doing much
> with it as is, and it basically runs itself. The site could really use some
> sexing up (as you can probably tell, I'm not a UI guy).
>
> Thanks--
>
> Mike
>
>
> On Tue, Oct 12, 2010 at 10:58 AM, Neil Matatall <neil at owasp.org> wrote:
>
>> Great point Dinis.  I would be glad to develop/manage one but that would
>> be a conflict of interest of course ;)
>>
>> Neil
>>
>>
>> On Tue, Oct 12, 2010 at 7:19 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>
>>> I think that this is a cool idea, that the OWASP Community should be
>>> involved and that there is a need for such 'security focused' redirects
>>> (note how Twitter and Bit.ly are trying to get into that space)
>>>
>>> I'm not sure about the part were OWASP would running these services (i.e.
>>> used in the real world), since that should be done by a 'commercially
>>> focused' entity (with SLAs, backups, support, etc..). I think OWASP's role
>>> should be on everything else BUT running the live service (think Ecosystem,
>>> project, PoCs, rules of engagement, security reviews, etc...)
>>>
>>> There was actually a PoC created a while back on this exact topic
>>> (including a live example of it running) but I can't remember who did it (I
>>> think it was implemented in Java??). I just tried to find it on my inbox(ex)
>>> and had no luck, so are the involved parties on this list so that they can
>>> put my memory to shame? (and point us to what has already been done)
>>>
>>> Dinis Cruz
>>>
>>>
>>>
>>> On 11 October 2010 16:33, Neil Matatall <neil at owasp.org> wrote:
>>>
>>>> Would there be any interest in developing an OWASP tinyurl service?  It
>>>> might be a good way to use the brand to promote security with the potential
>>>> for damage if a nasty link gets through.
>>>>
>>>> There would have to be...
>>>>
>>>>    - an approval process (so there would be very few links actually
>>>>    "endorsed")
>>>>    - a review and alerting process in the case that a site gets
>>>>    compromised
>>>>    - an endorsement of the source by multiple members/leaders
>>>>    - etc
>>>>
>>>> I think I just talked myself out of this but it could be useful and a
>>>> way to get a little more brand recognition out there.  My vote would be that
>>>> this is too cumbersome and the potential impact is a little too big for my
>>>> comfort.  Nevertheless, I would like to discuss this if others are willing
>>>> and interested.
>>>>
>>>> Neil
>>>>
>>>>
>>>> On Mon, Oct 11, 2010 at 5:53 AM, Ferdinand Vroom <
>>>> ferdinand.vroom at owasp.org> wrote:
>>>>
>>>>> Paulo,
>>>>>
>>>>> We would like to use a short url for our opsomming BeNeLux conference.
>>>>> Preferrably, http://www.owasp.org/benelux.
>>>>> Could you arrange for that?
>>>>>
>>>>> Greetings,
>>>>>
>>>>> Ferdinand
>>>>> Netherlands Chapter
>>>>>
>>>>> 2010/10/9, Paulo Coimbra <paulo.coimbra at owasp.org>:
>>>>> > Leaders,
>>>>> >
>>>>> >
>>>>> >
>>>>> > I am glad to announce I've just set a new project up - the OWASP
>>>>> Secure Web
>>>>> > Application Framework Manifesto, led by Rohit Sethi. Please welcome
>>>>> his new
>>>>> > OWASP initiative!
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> http://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manife
>>>>> > sto#tab=Project_About
>>>>> >
>>>>> >
>>>>> >
>>>>> > http://www.owasp.org/index.php/User:Rksethi
>>>>> >
>>>>> >
>>>>> >
>>>>> > As always, your suggestions and contributions would be greatly
>>>>> appreciated.
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> > In addition, this project already has a very mature release, OWASP
>>>>> Secure
>>>>> > Web Application Framework Manifesto/Version v0.08 - please glance at
>>>>> it.
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> http://www.owasp.org/index.php/Projects/OWASP_Secure_Web_Application_Framewo
>>>>> > rk_Manifesto/Releases/Current
>>>>> >
>>>>> >
>>>>> >
>>>>> > If the project leader and his contributors ultimately decide to have
>>>>> this
>>>>> > release assessed as I am counting on, I will update you.
>>>>> >
>>>>> >
>>>>> >
>>>>> > Many thanks, regards,
>>>>> >
>>>>> >
>>>>> >
>>>>> > Paulo Coimbra,
>>>>> >
>>>>> >  <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>> --
>>>>> Verzonden vanaf mijn mobiele apparaat
>>>>>
>>>>> Ferdinand Vroom
>>>>> OWASP Dutch Chapter Board Member
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> --
>>>>
>>>> Neil
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>>
>> --
>>
>> Neil
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> -[ Michael Scovetta ]-
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 

--

Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101012/08ee7464/attachment-0001.html 


More information about the OWASP-Leaders mailing list