Difference between revisions of "OWASP Game Security Framework Project"

Line 95: Line 95:
* [http://mmogfails.blogspot.com/2013/06/yet-another-guardian-fighter-exploit.html 6/25/2013 - NeverWinter]
* [http://mmogfails.blogspot.com/2013/06/yet-another-guardian-fighter-exploit.html 6/25/2013 - NeverWinter]
== Boss Skipping ==
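Review bot: the `== Boss Skipping ==` heading added at line 95 has no body text under it. The neighbouring Terrain Exploits and Buff/Debuff Stacking sections each open with a short definition, so add a one or two sentence description of the category with this heading, or hold the heading back until that text is written.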

Revision as of 03:33, 22 January 2014


OWASP Game Security Framework Project

Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients, servers, monetary transfers, social interactions, etc., with every bit as much need for security as most internet-hosted apps (if not more in some cases). This NEW OWASP project will help classify the diverse types of game hacks that exist for some of the world's biggest games. We'll use history as an example and break down the flaws as much as possible, creating a do-not-do list of flaws that new game companies can reference when creating new games.


The launch presentation can be seen here:

OMG He HAXX! and introduction the OWASP Game Security Framework


OWASP Game Security Framework Project is free to use. It is licensed under the Apache 2.0 License, which has the fewest restrictions, even allowing proprietary modifications and proprietary forks of the project.

What is the GSF?

OWASP GSF provides:

  • Classifications of vulnerability types
  • Technical guidance for new game developers



Project Leaders

  • Jason Haddix
  • Daniel Miessler

News and Events



Combat Exploitation

Combat Exploitation is an in-game category of bug that is usually leveraged to give the player an unfair advantage over adversaries by manipulating game systems such as terrain, buff mechanics, etc.

Terrain Exploits

Terrain exploits often utilize bad ledges, walls, cliffs, etc., to render player(s) un-targetable by mobs, allowing players to damage bosses or other players without being targetable themselves. This creates triviality in combat situations.


Buff/Debuff Stacking

Buff/debuff stacking is a method where single-target or group buffs/debuffs achieve higher than desired results on/for player(s), creating triviality in combat situations.
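As an added illustration (not part of the OWASP project's own material), the sketch below contrasts a damage-bonus calculation that lets every buff application count with a server-side calculation that enforces stacking rules. The buff names, groups, stack limits, and the 50% cap are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Buff:
    name: str            # constructed sample name, e.g. "battle_shout"
    group: str           # buffs sharing a group must not stack with each other
    bonus_pct: int       # damage bonus in whole percent
    max_stacks: int = 1  # how many applications of this buff may count


TOTAL_BONUS_CAP_PCT = 50  # assumed design limit for this example


def naive_bonus(applied):
    """Flawed: every application counts, so re-casts and group buffs pile up."""
    return sum(b.bonus_pct for b in applied)


def enforced_bonus(applied):
    """Server-side rule: per-buff stack limit, best buff per group, global cap."""
    stacks = {}
    for b in applied:
        stacks[b] = min(stacks.get(b, 0) + 1, b.max_stacks)
    best_per_group = {}
    for b, count in stacks.items():
        value = b.bonus_pct * count
        best_per_group[b.group] = max(best_per_group.get(b.group, 0), value)
    return min(sum(best_per_group.values()), TOTAL_BONUS_CAP_PCT)


# Constructed sample: five casters apply the same shout, one adds an aura from
# the same group, and a stackable coating is applied once more than allowed.
SHOUT = Buff("battle_shout", "attack_power", 10)
AURA = Buff("war_aura", "attack_power", 15)
COATING = Buff("venom_edge", "weapon_coating", 5, max_stacks=3)
SAMPLE_APPLIED = [SHOUT] * 5 + [AURA] + [COATING] * 4

if __name__ == "__main__":
    print("naive   :", naive_bonus(SAMPLE_APPLIED), "%")
    print("enforced:", enforced_bonus(SAMPLE_APPLIED), "%")
```

Computing the total on the server from the list of active effects, rather than trusting a client-reported value, is what makes these limits hold.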


Boss Skipping

As of Jan 22, 2014, the priorities are:

  • initial categorization
  • historical research
  • content creation and wiki creation
  • PDF guide

Involvement in the development and promotion of GSF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Tell us of a new game hack! Contact via email or Twitter!
  • Offer a technical breakdown of attacks we are not experts on, or practical defenses against them.