This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Video Game Security Framework"
(→OWASP Video Game Security Framework (VGSF)) |
(→About the Project) (Tag: Visual edit) |
||
Line 4: | Line 4: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
− | ==OWASP Game Security Framework ( | + | ==OWASP Video Game Security Framework (VGSF)== |
+ | |||
+ | '''OWASP Video Game Security Framework (VGSF) defines an approach to discovering solutions for strategy, development, operations, and management surrounding security for video game industry business models''' | ||
− | + | Most organizations that operate in the digital landscape approach security as a last afterthought when compared to the overall business strategy and operations. In the recent years it has become more apparent the consequences of such behavior with increasingly amounts of data breaches happening. The cost associated with an organization’s loss of intellectual property and other digital assets has reached the millions. With the fast growth of the video game industry (174 billion by 2021 - Newzoo Global Game Forecast) in recent years, it is critical that organizations operating in this space have a strong security posture. Cyber-attacks aimed at various components of a business can affect the interoperability, user protected info, end-game product, and overall business model. As more businesses and clients operate in the cyber space its important to leverage security as a way to create sustainable trust, lead competitively, and operate more agile with different types of data. | |
− | + | ''The framework is comprised of five discipline areas that could produce many best practice methodologies:'' | |
− | |||
− | ''The framework is | ||
Line 49: | Line 49: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the OWASP Game Security Framework? == | == What is the OWASP Game Security Framework? == | ||
Line 84: | Line 84: | ||
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security]] | * [[OWASP_Mobile_Security_Project|OWASP Mobile Security]] | ||
− | | | + | | style="padding-left:25px;width:200px;" valign="top" | |
== Collaboration == | == Collaboration == | ||
Line 101: | Line 101: | ||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
− | | rowspan="2" | + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]] |
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]] |
|- | |- | ||
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]] |
|- | |- | ||
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
Line 118: | Line 118: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Attack Surfaces == | == Attack Surfaces == | ||
Line 124: | Line 124: | ||
The following is a list of the attack surfaces that can be found in video games of various types. | The following is a list of the attack surfaces that can be found in video games of various types. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Attack Surface | ! Attack Surface | ||
! Description | ! Description | ||
Line 147: | Line 147: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the Attack Surfaces Section? == | == What is the Attack Surfaces Section? == | ||
Line 178: | Line 178: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Game Security Vulnerabilities == | == Game Security Vulnerabilities == | ||
Line 184: | Line 184: | ||
The following is a list of the vulnerabilities that can be found in video games of various types, and the attack surfaces they're likely to be associated with. | The following is a list of the vulnerabilities that can be found in video games of various types, and the attack surfaces they're likely to be associated with. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Attack Surface | ! Attack Surface | ||
! Vulnerability Name | ! Vulnerability Name | ||
Line 222: | Line 222: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the Game Security Vulnerabilities Project? == | == What is the Game Security Vulnerabilities Project? == | ||
Line 253: | Line 253: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Exploits == | == Exploits == | ||
Line 259: | Line 259: | ||
This list refers to what a given attacker might use to take advantage of a given bug within the game. | This list refers to what a given attacker might use to take advantage of a given bug within the game. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Exploit | ! Exploit | ||
! Description | ! Description | ||
Line 285: | Line 285: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== The Exploits Project == | == The Exploits Project == | ||
Line 316: | Line 316: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Attacker Goals == | == Attacker Goals == | ||
Line 322: | Line 322: | ||
This list refers to what a given attacker might be trying to accomplish within the game by performing a given attack. This could relate very closely (or not) with the technical impact or business impact cause by the behavior. | This list refers to what a given attacker might be trying to accomplish within the game by performing a given attack. This could relate very closely (or not) with the technical impact or business impact cause by the behavior. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Attacker Goal | ! Attacker Goal | ||
! Description | ! Description | ||
Line 348: | Line 348: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the Attacker Goals Project == | == What is the Attacker Goals Project == | ||
Line 379: | Line 379: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Negative Outcomes == | == Negative Outcomes == | ||
Line 385: | Line 385: | ||
The following is a list of possible negative outcomes that can occur as the result of someone successfully attacking a given game. | The following is a list of possible negative outcomes that can occur as the result of someone successfully attacking a given game. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Outcomes | ! Outcomes | ||
! Description | ! Description | ||
Line 416: | Line 416: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the Negative Outcomes Project? == | == What is the Negative Outcomes Project? == | ||
Line 447: | Line 447: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Defenses == | == Defenses == | ||
These are some of the common defenses that can be used to counter attacks against various components of a game. | These are some of the common defenses that can be used to counter attacks against various components of a game. | ||
− | {| class="wikitable | + | {| class="wikitable" style="text-align: left" border="1" |
! Outcomes | ! Outcomes | ||
! Description | ! Description | ||
Line 479: | Line 479: | ||
{{Social Media Links}} | {{Social Media Links}} | ||
− | | | + | | style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== What is the Game Security Vulnerabilities Project? == | == What is the Game Security Vulnerabilities Project? == |
Revision as of 06:05, 9 April 2019
- About the Project
- Attack Surfaces
- Vulnerabilities
- Exploits
- Attacker Goals
- Negative Outcomes
- Defenses
- Examples
- Community
- Testing Tools
- Project About
OWASP Video Game Security Framework (VGSF)OWASP Video Game Security Framework (VGSF) defines an approach to discovering solutions for strategy, development, operations, and management surrounding security for video game industry business models Most organizations that operate in the digital landscape approach security as a last afterthought when compared to the overall business strategy and operations. In the recent years it has become more apparent the consequences of such behavior with increasingly amounts of data breaches happening. The cost associated with an organization’s loss of intellectual property and other digital assets has reached the millions. With the fast growth of the video game industry (174 billion by 2021 - Newzoo Global Game Forecast) in recent years, it is critical that organizations operating in this space have a strong security posture. Cyber-attacks aimed at various components of a business can affect the interoperability, user protected info, end-game product, and overall business model. As more businesses and clients operate in the cyber space its important to leverage security as a way to create sustainable trust, lead competitively, and operate more agile with different types of data. The framework is comprised of five discipline areas that could produce many best practice methodologies:
LicensingThe OWASP Game Security Framework is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is the OWASP Game Security Framework?The goal of the OWASP Game Security Framework is to provide a structure for discussing the various aspects around the security of video games. The target audience for the project includes:
Project Leaders
Contributors
Related Projects |
CollaborationQuick DownloadCOMING SOON News and Events
Classifications |
Attack SurfacesThe following is a list of the attack surfaces that can be found in video games of various types.
|
What is the Attack Surfaces Section?This section provides an overview of the various places an attacker can target to harm a given game infrastructure. Sub-project Leader
Related ProjectsCollaborationQuick Download
News and Events
|
Game Security VulnerabilitiesThe following is a list of the vulnerabilities that can be found in video games of various types, and the attack surfaces they're likely to be associated with.
|
What is the Game Security Vulnerabilities Project?The Security Vulnerabilities Project provides information on what types of vulnerabilities exist within games, and which attack surfaces they fall under. Sub-project Leader
Related ProjectsCollaborationResourcesNews and Events
|
ExploitsThis list refers to what a given attacker might use to take advantage of a given bug within the game.
|
The Exploits ProjectThe Exploits provides information on what types of tools and techniques an attacker might use to accomplish his/her goal. Sub-project Leader
Related ProjectsCollaborationResourcesNews and Events
|
Attacker GoalsThis list refers to what a given attacker might be trying to accomplish within the game by performing a given attack. This could relate very closely (or not) with the technical impact or business impact cause by the behavior.
|
What is the Attacker Goals ProjectThe Attacker Goals Project provides information on what types of outcomes attackers might try to achieve within or outside of the game they're attacking. Sub-project Leader
Related ProjectsCollaborationResourcesNews and Events
|
Negative OutcomesThe following is a list of possible negative outcomes that can occur as the result of someone successfully attacking a given game.
|
What is the Negative Outcomes Project?The Negative Outcomes Project provides information on what types of situations could manifest within the game if bugs or exploits are not successfully addressed. Project Leader
Related ProjectsCollaborationResourcesNews and Events
|
DefensesThese are some of the common defenses that can be used to counter attacks against various components of a game.
|
What is the Game Security Vulnerabilities Project?The Security Vulnerabilities Project provides information on what types of vulnerabilities exist within games, and which attack surfaces they fall under. Project Leaders
Related ProjectsCollaborationResourcesNews and Events
|
Real-world Examples of Gaming Vulnerabilities
Vulnerability
ID | Vulnerabilty Name | Description | Surface Area | Goal | Techical Impact | Business Impact | Defense | Ref | Game | Genre |
---|---|---|---|---|---|---|---|---|---|---|
V1 | Local Resource Modification, Client-side Logic Flaw | In 2015 The Division experienced an exploit that allowed an attacker to switch weapons rapidly, applying weapon buffs in a stacking manner, with no cap. | Game Client | Unfair Player Advantage | Player Anger | Players leave, Lost Revenue | Cryptographic Integrity Checks on Game Client | http://www.gamesradar.com/theres-a-division-damage-stacking-glitch-if-youve-got-fast-fingers/ | 3PS/1PS/MMO | |
VN1 | "The attacker attacked and edited the LOCAL GAME CLIENT (Attack Surface) , which had a LACK OF CLIENT INTEGRITY CONTROLS (Vulnerability) , which allowed her to ARTIFICIALLY INCREASE HER ABILITIES (Attacker Goal) , ultimately leading to an UNHAPPY PLAYER BASE (Negative Outcome) and DECLINING GAME REVENUE (Negative Outcome) due to cheating, which could have been prevented by CRYPTOGRAPHIC INTEGRITY CHECKS ON GAME CLIENT ”
| |||||||||
Working Data Collection Spreadsheet:
https://docs.google.com/spreadsheets/d/1Og08wyHsqtODBDkU_M2zHAvdxc63GSu-OmT8NjCc9Ak/edit#gid=0
We are actively looking for people to help in the following areas:
- Improving the framework schema, e.g., vulns, attack surfaces, technical impacts, business impacts, defenses, etc.
- Adding content to any of the various sections
- Input from avid gamers on how useful this is to them
- Input from app security experts
- Input from security types working at gaming companies
- Input from game company business types
If you have interest in helping, reach out to us and we'll make you a contributor.
Commonly Used Game Hacking Tools
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|