Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in the manual
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.
Omg he haxx
Transcript of Omg he haxx
Network / Server
An introduction to the OWASP Game Security Framework ++
OMG He HAXX!
HP Fortify On Demand
Honorary NOVAH member
My Team is awesome: Dawn, James, Kevin, JamesL, Dan, Brent, Mohsan.
Games and $$$
RTS / MOBA
The Game Industry
Projected to hit 70 billion in 2014
Only a select few gaming companies have the experience, Blizzard being the largest.
Very few references.
Few security companies are participating
Lots of burden left on QA, lets help them out
A Noobs Framework ++
Game *exploits* remain non-transparent for a developer or QA
Design a checklist of sorts for
Divide and conquer:
Design from vulns upwards
Prone to traditional exploits
RCE == pwned players
Memory Modification == cheated games
Race Conditions == cheated games
Some Traditional Thick Client Defenses
DEP, ASLR, ++
Advanced anti debugging
Replay Attacks == cheating
Transport Security == mitm + cheating
DoS == loss of revenue
Traditional Web Server Type Exploits == Sad Panda
History => Exploit => Cause => Defense
This project will need a lot of help. Hence OWASP.
Exploit Mitigation Server Side
Hosting level mitigation
Ninja Operations Team for IR
Having IR Policies
Accounts tied to web apps
Need secure payment options
Trying to find sec companies with experience in gaming to help
Reverse engineering exploits at a high level
Finding Places put new classes of *exploits*
Setting up OWASP wiki content
Parsing previous work
There is more than C/N/S
Spam and phishing
Chat and Mail
(trade + AH)
Currently we are...
More In-game Problems
Are interested in video games
Know sec people in that industry
Want to hack something new
Triviality or Economic upset kills player base
SPAM and Phishing
Spam campaigns are now more aggressive for games than dating, sex, ponzi, or Nigerian prince/princess.
RMT is estimated at 10 billion
No games were harmed in the making of this presentation
Also safer for spammers b/c no laws exist protecting virtual goods / currencies.