The End of Possessor
Before I begin a security audit, I try to make sure that the client owns their website. Normally, this is pretty easy and obvious. However, sometimes it takes a little bit more work. That’s why I had thought of launching the tool called Possessor.
Living at possessor.app, this product would play the part of verifying website / domain ownership. Like how you have to validate your domain for other tools, this would give you the chance to upload an HTML file or place a DNS record. Then, it could periodically validate and verify ownership if you chose. There would be an API so that you could integrate this service into your own app.
So, for example, if I built a website security scanner app, I could integrate Possessor via API to validate the ownership of the site before I ran the scan. We don’t want to just be scanning anyone’s website - we want to have permission.
I still think the idea is a good one, but I don’t see a clear path forward for the monetization versus the amount of money / time it would take to build it. I came up with the idea nearly a year ago, and haven’t made any progress at it. So, with this, I’m calling it quits - and opening it up to the world. Maybe someone else will build it!