[Owasp-leaders] Use data mining for OWASP top 10

Jason Johnson jason.johnson at owasp.org
Fri Mar 1 16:51:29 UTC 2013

I'm not sure what I did???? (pressed tab)

Anyhow (try this again)
Dear Leaders,

     I have been thinking lots about info gathering and things that people
are doing around the world. My thinking leads me to social media one of the
big dudes TWITTER. Most of the time like 95% of it tweets are sent out
prior to any sort of an attack. So I got crafty and started looking at
twitter API and how according to there documents that they will allow us to
search and store 400 key words or search recipes. I did a project that was
called the mood of the Internet. It used a ARDUINO broad and an few leds.
It used TWITTER api to search on key words such as SAD+DAY or CRY+FAIL and
it would return a value. based on that it would turn the led a certain
color. I did not store any data it was more of a alert tool.

   I would like your thoughts on this and my idea is to use a Raspberrpi as
the controller plugged into the network. We could call it OWASP Sting or
something here is my test server. www.netgreen.us this is a 35$ server that
runs on 5v it has a 700mhz Arm processor and its running wordpress. This is
my idea...

   It uses the Twitter *streaming API* to gather tweets for selected
keywords and stores them in a *MySQL database*. Entities within the tweets,
including user @mentions, hashtags, and URLs are stored in separate tables
to optimize the performance of tweet data mining. The rest of the modules
in this framework use this database. Thank to ADAM GREEN for the api
documentation. The database is populated in two steps: getting the tweets,
and parsing them into multiple tables. It is important to separate these
operations, because tweets may be sent by the Twitter API at a very fast
rate. If each tweet is parsed and inserted into multiple tables as it is
received, the code and database may not be able to keep up with the data
flow, and tweets will be lost. My solution is to store the tweets as they
are received in a simple cache table without doing any parsing. A separate
process does the parsing and storage into separate tables.
In my experience twitter is "wonky" spesh on Fridays when they do there
code pushes. So I am working on a monitor of the twitter monitor that will
tweet issues with the API such as oath changes ex.

Think about this we make a small computer RaspberryPI that members can plug
in and we can grow a OWASP HIVE this is running DEBIAN for Raspi called
Raspian and so far its awesome. you can even overcloack this thing to 1gig
but its not needed. I ordered one more just to make a prototype of this
idea and the domain netgreen.us is mine this could be powerful to have 3
out of 10 members to have a HIVE <------ cool name set up at there home. If
its light weight and can run in UNIX we can make it part of the OS on the
Raspberry PI. The twitter gathering is just one part of 100s  of things we
can do with this. I know lots about electronics and some about the code
that makes them work. So before I get more excited about this and start a
project in owasp I want to know who's with me?

Think about this

We have a hive network that hosts a dashboard with the attitude of the hive
and the Internet by using data mined from twitter and others. maybe we can
incorporate tools like ZAP or any of the others into this. The thing is we
sell this not to make money but to establish a statistics and data rich
network. The fact that it cost 35$ with a case that has a WASP on it maybe
a bit more. With the push of global security of our assets there is not a
better time. I would not ask any other group but owasp this foundation is
the smarts of the net. We can make something that is both supportive of our
cause and a huge data rich Internet HIVE that if its kicked we know why.

That's all I have

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130301/c3e22093/attachment.html>

More information about the OWASP-Leaders mailing list