Hack your game to fix security issues: Subgraph Vega

The place to ask questions about 3DStudio Max, Blender, Pro Motion, open source items, libraries, ect..

Hack your game to fix security issues: Subgraph Vega

Postby Kesstryl » Sun Aug 20, 2017 10:19 am

I tried installing several different vulnerability scanners, and this one was the only one that worked right out of the box for me. The application works by scanning your game, and trying to insert hacks to see if it can perform XSS and other types of hacking, then it shows a report of the security issues in your game. By using it, I was able to find out that though I set my cookies to httponly, it wasn't working as intended, and so I was able to implement a fix which did work. It was also helpful for me to find areas where the code had short tags on the game help pages (legacy game engine that I didn't write but am updating) which were echoing code and not the intended data. In addition to finding security holes in your game, it can also expose security holes in your server set up, which is really helpful if you run your own server and have access to the server ini and config files. I'm recommending this because I think it's important for game developers to have a tool for finding and fixing security issues with their games, and this one is easy to install and use. Here's the link to the Subgraph Vega site:

https://subgraph.com/vega/index.en.html
Play my open beta text based RPG Dragon Lord at http://dragonlordrpg.com
User avatar
Kesstryl
 
Posts: 201
Joined: Sat Sep 22, 2012 12:27 am
Location: Gallifrey
Has thanked: 38 times
Been thanked: 3 times

Re: Hack your game to fix security issues: Subgraph Vega

Postby GameMaster » Sun Aug 20, 2017 10:44 am

Interesting. This is run via browser http or in SSL?
User avatar
GameMaster
 
Posts: 50
Joined: Fri Mar 28, 2014 3:14 pm
Has thanked: 2 times
Been thanked: 1 time

Re: Hack your game to fix security issues: Subgraph Vega

Postby hallsofvallhalla » Mon Aug 21, 2017 3:56 pm

Wow thanks for the link! Very cool stuff here.
User avatar
hallsofvallhalla
Site Admin
 
Posts: 11946
Images: 13
Joined: Wed Apr 22, 2009 6:29 pm
Location: mobile, al
Has thanked: 11 times
Been thanked: 158 times
Blog: View Blog (3)

Re: Hack your game to fix security issues: Subgraph Vega

Postby Kesstryl » Mon Aug 21, 2017 6:41 pm

GameMaster wrote:Interesting. This is run via browser http or in SSL?


I had to run it in http because for some reason I can't get the SSL certificate link to work, but it's easy to reset your browser to not use its proxy after you are done. I had the SSL problem with one of the other scanners too, but at least this one will scan without the SSL certificate on localhost, which is all I needed it for.
Play my open beta text based RPG Dragon Lord at http://dragonlordrpg.com
User avatar
Kesstryl
 
Posts: 201
Joined: Sat Sep 22, 2012 12:27 am
Location: Gallifrey
Has thanked: 38 times
Been thanked: 3 times

Re: Hack your game to fix security issues: Subgraph Vega

Postby GameMaster » Mon Aug 21, 2017 6:53 pm

Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
User avatar
GameMaster
 
Posts: 50
Joined: Fri Mar 28, 2014 3:14 pm
Has thanked: 2 times
Been thanked: 1 time

Re: Hack your game to fix security issues: Subgraph Vega

Postby Jackolantern » Tue Aug 22, 2017 10:39 am

Nice! I will have to check this out.
The indelible lord of tl;dr
User avatar
Jackolantern
 
Posts: 10889
Joined: Wed Jul 01, 2009 6:00 pm
Location: Houston, TX
Has thanked: 22 times
Been thanked: 92 times
Blog: View Blog (1)

Re: Hack your game to fix security issues: Subgraph Vega

Postby Kesstryl » Mon Aug 28, 2017 3:37 pm

GameMaster wrote:Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?


No, it's a separate installation, and there are instructions for getting your browser to work with the port that the application uses so the application can poke at your game. The instructions seem to work best for Firefox, and once you are done, if you can't get the SSL certificate to work, you can easily switch your browser back to its default setting so you can surf the web again. What I did was pull up my site in Firefox, then go through the changes to make Firefox listen to the port that Subraph Vega uses, and once all my scans were done, I switched Firefox back to normal. Their website has instructions for doing all of this.
Play my open beta text based RPG Dragon Lord at http://dragonlordrpg.com
User avatar
Kesstryl
 
Posts: 201
Joined: Sat Sep 22, 2012 12:27 am
Location: Gallifrey
Has thanked: 38 times
Been thanked: 3 times

Re: Hack your game to fix security issues: Subgraph Vega

Postby GameMaster » Mon Aug 28, 2017 4:05 pm

Thanks do you have a specific link for those instructions the general one of the site does not seem to involve what you are saying.
User avatar
GameMaster
 
Posts: 50
Joined: Fri Mar 28, 2014 3:14 pm
Has thanked: 2 times
Been thanked: 1 time

Re: Hack your game to fix security issues: Subgraph Vega

Postby Kesstryl » Tue Aug 29, 2017 2:51 pm

GameMaster wrote:Thanks do you have a specific link for those instructions the general one of the site does not seem to involve what you are saying.


Their Github has detailed instructions, you can try those here https://github.com/subgraph/Vega/wiki
Play my open beta text based RPG Dragon Lord at http://dragonlordrpg.com
User avatar
Kesstryl
 
Posts: 201
Joined: Sat Sep 22, 2012 12:27 am
Location: Gallifrey
Has thanked: 38 times
Been thanked: 3 times

Re: Hack your game to fix security issues: Subgraph Vega

Postby GameMaster » Thu Aug 31, 2017 12:38 am

Thank you kindly.
User avatar
GameMaster
 
Posts: 50
Joined: Fri Mar 28, 2014 3:14 pm
Has thanked: 2 times
Been thanked: 1 time


Return to Programs/Assets/Libs/Open Source/Ect...

Who is online

Users browsing this forum: No registered users and 2 guests

cron

x