OWASP Game Security Framework Project


Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients, servers, monetary transfers, social interactions, etc., with every bit as much need for security as most internet-hosted apps (if not more in some cases). This new OWASP project will help classify the diverse types of game hacks that exist for some of the world's biggest games. We'll use history as an example and break down the flaws as much as possible, creating a do-not-do list of flaws that new game companies can reference when creating new games.


Description

The launch presentation can be seen here:


OMG He HAXX! and introduction the OWASP Game Security Framework


Licensing

OWASP Game Security Framework Project is free to use. It is licensed under the Apache 2.0 License, which has the fewest restrictions, even allowing proprietary modifications and proprietary forks of the project.


What is the GSF?

OWASP GSF provides:

  • Classifications of vulnerability types
  • Technical guidance for new game developers


Presentation

OMG He HAXX! and introduction the OWASP Game Security Framework


Project Leaders

  • Jason Haddix
  • Daniel Miessler



News and Events


Classifications



In-game exploits represent classes of bugs that are not insecure code or configurations, but rather logic-based flaws in design or implementation. Most often, in-game issues are the domain of a security-minded QA engineer.


Combat Exploitation

Combat Exploitation is an in-game category of bug that is usually leveraged to give the player an unfair advantage over adversaries by manipulating game systems such as terrain, buff mechanics, etc.


Terrain Exploits

Terrain exploits often utilize bad ledges, walls, cliffs, etc., to render player(s) un-targetable by mobs, allowing players to damage bosses or other players without being targetable themselves. This creates triviality in combat situations.

References:

Buff/Debuff Stacking

Buff/debuff stacking is a method where single-target or group buffs/debuffs achieve higher than desired results on/for player(s), creating triviality in combat situations.

References:
6/25/2013 - NeverWinter



Boss Skipping

As of Jan 22, 2014, the priorities are:

  • initial categorization
  • historical research
  • content creation and wiki creation
  • PDF guide


Involvement in the development and promotion of GSF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Tell us of a new game hack! Contact us via email or Twitter!
  • Offer a technical breakdown of attacks we are not experts on, or practical defenses against them.

There exist several sources (although not enough) of material related to gaming security. We will update this section with links to those resources.