
Difference between revisions of "OWASP Video Game Security Framework"

m
(Prevention)
Line 532: Line 532:
 
In the prevention phase begins the implementation of a security solution.
 
In the prevention phase begins the implementation of a security solution.
 
This phase can have many sub tasks/levels depending on what you are implementing.
 
This phase can have many sub tasks/levels depending on what you are implementing.
Some of the planning work could have been done in the strategy phase.
 
  
1. Plan
 
2.
 
  
  
 +
<br />
 +
'''Prevention Process'''
 +
<br />
 +
:1.    Plan
 +
 +
:2.    Analyze
 +
 +
:3.    Design
 +
 +
:4.    Build
 +
 +
:5.    Deploy
 +
<br />
 +
'''1. Plan'''
 +
 +
<br />
 +
Some of the planning work could have been done in the strategy phase.
 +
 +
<br />
 +
'''''Example Questions to ask:'''''
 
What do we need a security solution for?
 
What do we need a security solution for?
 
1. Application  
 
1. Application  
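Review bot: The '''Prevention Process''' list added at the top of this hunk ends at ":5.    Deploy" and has no Test step, while the section headings added further down in this revision run "5. Test" and then "6. Deploy". Add Test as step 5 in the list and renumber Deploy to 6 so the overview matches the sections. The unchanged lines "What do we need a security solution for?" and "1. Application" also stay in place under the new "Example Questions to ask:" heading, so the old flat list remains next to the reworked list added in the next hunk; remove the old copy.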
Line 543: Line 560:
 
3. IT infrastructure
 
3. IT infrastructure
 
4. Identity & Access Management
 
4. Identity & Access Management
 +
<br />
 +
'''''What''''' do we need a security solution for?
 +
<br />
 +
:1)    Software Application
 +
 +
::a)    General Data Protection Regulation (GDPR)
 +
::b)    Payment Card Industry Data Security Standard (PCI)
 +
::c)    The National Institute for Standards and Technology (NIST)
 +
 +
:2)    Data Protection
 +
 +
::a)    Open Web Application Security Project (OWASP)
 +
::b)    Payment Card Industry Data Security Standard (PCI)
 +
::c)    The National Institute for Standards and Technology (NIST)
 +
 +
:3)    IT Infrastructure
 +
 +
::a)    Microsoft
 +
::b)    Sony
 +
 +
 +
 +
:4)  Identify & Access Management
 +
<br />
 +
'''''Does''''' it align with our overall security & business strategy?
 +
 +
<br />
 +
'''''Does''''' it fit in our current architecture?
 +
<br />
 +
'''''What''''' would the impact on this solution be?
 +
<br />
 +
 +
'''2. Analyze'''
 +
<br />
 +
 +
'''''What''''' capabilities do we need to assess?
 +
:1)  Application
 +
:2)  Architecture
 +
:3)  Processes & Flows
 +
<br />
 +
 +
'''''What''''' functions exist in the current security solutions vs future?
 +
<br />
 +
 +
'''3. Design'''
 +
<br />
 +
'''''How''''' exactly do we want this solution to function?
 +
:1) Configuration
 +
 +
'''4. Build'''
 +
:1) Assigning work tasks and doing them
 +
<br />
 +
 +
 +
'''5. Test'''
 +
:1) What is our testing strategy?
 +
 +
:2) How do we shift when bugs are found?
 +
 +
<br />
 +
 +
'''6. Deploy'''
 +
:1) What is our "go-live" strategy for moving the solution from development to production?
 +
 +
<br />
  
{| class="wikitable" style="text-align: left" border="1"
 
! Exploit
 
! Description
 
|-
 
| '''DDoS'''
 
|Force a player to DC, or attack the game itself so that it cannot serve customers.
 
|-
 
| '''Client Modification'''
 
|Modify the client in a way that gives advantage.
 
|-
 
| '''Malicious Macros'''
 
|Implementation of macros that perform unwanted actions.
 
|-
 
| '''Social Engineering'''
 
|Getting a player, mod, or game staff member to perform an action that helps the attacker.
 
|-
 
| '''Use Physics Bug'''
 
|Interact with the world in a way that makes the physics engine do what the attacker wants.
 
|-
 
|'''Malform Network Traffic'''
 
|Send modified network traffic that tricks or disrupts an opposing player or the game itself.
 
|-
 
|}
 
  
 
{{Social Media Links}}
 
{{Social Media Links}}
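Review bot: The added item ":4)  Identify & Access Management" misspells the category; the unchanged line directly above it reads "4. Identity & Access Management", so use "Identity". In the same added list the sub-items need a word on what they represent: GDPR is listed under ":1)    Software Application" while OWASP is listed under ":2)    Data Protection", which looks swapped, and ":3)    IT Infrastructure" lists only "Microsoft" and "Sony" without saying what role they play. Item 4 has no sub-items at all. The question "What would the impact on this solution be?" probably means the impact of this solution; reword it.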

Revision as of 03:24, 2 May 2019


OWASP Video Game Security Framework (VGSF)

OWASP Video Game Security Framework (VGSF) defines an approach to discovering solutions for strategy, development, operations, and management surrounding security for video game industry business models.


Most organizations that operate in the digital landscape treat security as an afterthought compared to the overall business strategy and operations. In recent years the consequences of such behavior have become more apparent, with an increasing number of data breaches. The cost associated with an organization’s loss of intellectual property and other digital assets has reached the millions.


With the fast growth of the video game industry (174 billion by 2021 - Newzoo Global Game Forecast) in recent years, it is critical that organizations operating in this space have a strong security posture. Cyber-attacks aimed at various components of a business can affect interoperability, protected user information, the end-game product, and the overall business model. As more businesses and clients operate in cyberspace, it's important to leverage security as a way to create sustainable trust, lead competitively, and operate with more agility across different types of data.

The framework is comprised of five discipline areas that could produce many best practice methodologies:


I. Business Strategy & Risk


II. Governance & Compliance


III. Prevention

This will be one of the largest sections, as it is comprised of many different aspects of overall cyber security.


IV. Management


V. Service Delivery & Support

Licensing

The OWASP Video Game Security Framework is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon it, you distribute the resulting work only under the same or a similar license.


What is the OWASP Video Game Security Framework?

The goal of the OWASP Video Game Security Framework is to provide an adaptable blueprint to guide the development and deployment of cyber resiliency within a video game enterprise operation.

The target audience for the project includes:

  • Game Publishers
  • Game Developers
  • Security Professionals
  • Consumer Gamers
  • Quality Assurance Testers
  • Business Stakeholders in the Gaming Industry
  • Industry Enthusiasts

Project Leaders

  • Romen Brewer

Contributors

  • TBD

Related Projects

Collaboration

Join the Discord channel: [1]

Quick Download

COMING SOON

News and Events

  • April, 2019: Site Creation and Discord channel creation.


Classifications

  • Incubator project
  • Builders
  • Defenders
  • License: CC BY-SA
  • Project type: documentation