OWASP Game Security Framework Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Game Security Framework Project==
Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients, servers, monetary transfers, social interactions, etc., with every bit as much need for security as most internet-hosted apps (if not more in some cases). This NEW OWASP project will help classify the diverse types of game hacks that exist for some of the world's biggest games. We'll use history as an example and break down the flaws as much as possible, creating a do-not-do list of flaws that new game companies can reference when creating new games.

==Description==
The launch presentation can be seen here:

[http://prezi.com/gxbsztacrrca/omg-he-haxx/ OMG He HAXX! and introduction the OWASP Game Security Framework]



==Licensing==
OWASP Game Security Framework Project is free to use. It is licensed under the Apache 2.0 License, which has the fewest restrictions, even allowing proprietary modifications and proprietary forks of the project.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

==What is the GSF?==
OWASP GSF provides:


 * Classifications of vulnerability types
 * Technical guidance for new game developers

==Presentation==
[http://prezi.com/gxbsztacrrca/omg-he-haxx/ OMG He HAXX! and introduction the OWASP Game Security Framework]

==Project Leaders==

 * Jason Haddix
 * Daniel Miessler


| valign="top" style="padding-left:25px;width:200px;" |

==News and Events==

 * Talk to us on Twitter: @game_hacking

==Classifications==

|}

=Client=

=Network=

=Server=

=In-Game=
In-game exploits represent classes of bugs that are not insecure code or configurations, but rather logic-based flaws in design or implementation. Most often, in-game issues are the domain of a security-minded QA engineer.

==Combat Exploitation==
Combat Exploitation is an in-game category of bug that is usually leveraged to give the player an unfair advantage over adversaries by manipulating game systems such as terrain, buff mechanics, etc.

===Terrain Exploits===
Terrain exploits often use bad ledges, walls, cliffs, etc. to render player(s) un-targetable by mobs, allowing players to damage bosses or other players without being targetable themselves. This trivializes combat situations.


 * References:

===Buff/Debuff Stacking===
Buff/debuff stacking is a method where single-target or group buffs/debuffs achieve higher than desired results on/for player(s), trivializing combat situations.
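
A constructed server-side model of this flaw beside a capped form, as an added example (not code from the GSF project or from any specific game). The buff names, the exclusivity-group rule and the 2.0 global ceiling are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Buff:
    buff_id: str       # constructed sample identifier
    group: str         # buffs sharing a group are mutually exclusive
    multiplier: float  # damage multiplier per stack
    max_stacks: int    # designer-intended stack cap
    duration: float    # seconds

@dataclass
class Player:
    base_damage: float
    naive: list = field(default_factory=list)   # flawed store: one entry per cast
    active: dict = field(default_factory=dict)  # hardened store: group -> (buff, stacks, expiry)

def apply_naive(p, buff):
    """Flawed: every cast adds another instance, with no cap or exclusivity."""
    p.naive.append(buff)

def damage_naive(p):
    dmg = p.base_damage
    for b in p.naive:
        dmg *= b.multiplier
    return dmg

def apply_capped(p, buff, now):
    """Hardened: one live entry per group; recasts refresh, stacks are capped."""
    cur = p.active.get(buff.group)
    stacks = 1
    if cur and cur[2] > now:
        held, held_stacks, _ = cur
        if held.buff_id == buff.buff_id:
            stacks = min(held_stacks + 1, buff.max_stacks)
        elif held.multiplier ** held_stacks >= buff.multiplier:
            return  # a weaker buff never displaces or adds to a stronger one
    p.active[buff.group] = (buff, stacks, now + buff.duration)

def damage_capped(p, now, ceiling=2.0):
    """Expired buffs are ignored and the combined multiplier has a global ceiling."""
    mult = 1.0
    for buff, stacks, expiry in p.active.values():
        if expiry > now:
            mult *= buff.multiplier ** stacks
    return p.base_damage * min(mult, ceiling)

def demo():
    war_cry = Buff("war_cry", "attack", 1.5, 1, 30.0)  # constructed sample data
    p = Player(100.0)
    for _ in range(5):  # five party members cast the same group buff
        apply_naive(p, war_cry)
        apply_capped(p, war_cry, now=0.0)
    return damage_naive(p), damage_capped(p, now=1.0)
```

A QA regression test can compare the two damage values after repeated casts; any result above the designed ceiling indicates a stacking bug.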


 * References:


 * 6/25/2013 - NeverWinter

===Boss Skipping===

=Wet-ware=

= Road Map and Getting Involved =
As of Jan 22, 2014, the priorities are:


 * initial categorization
 * historical research
 * content creation and wiki creation
 * PDF guide

Involvement in the development and promotion of GSF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * Tell us of a new game hack! Contact us via email or Twitter!
 * Offer a technical breakdown of attacks we are not experts on, or practical defenses against them.

= Previous Work =

There exist several sources (although not enough) of material related to gaming security. We will update this section with links to those resources.