
Hack your game to fix security issues: Subgraph Vega

Posted: Sun Aug 20, 2017 3:19 pm
by Kesstryl
I tried installing several different vulnerability scanners, and this one was the only one that worked right out of the box for me. The application works by scanning your game, and trying to insert hacks to see if it can perform XSS and other types of hacking, then it shows a report of the security issues in your game. By using it, I was able to find out that though I set my cookies to httponly, it wasn't working as intended, and so I was able to implement a fix which did work. It was also helpful for me to find areas where the code had short tags on the game help pages (legacy game engine that I didn't write but am updating) which were echoing code and not the intended data. In addition to finding security holes in your game, it can also expose security holes in your server setup, which is really helpful if you run your own server and have access to the server ini and config files. I'm recommending this because I think it's important for game developers to have a tool for finding and fixing security issues with their games, and this one is easy to install and use. Here's the link to the Subgraph Vega site:

https://subgraph.com/vega/index.en.html

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Sun Aug 20, 2017 3:44 pm
by GameMaster
Interesting. This is run via browser http or in SSL?

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Mon Aug 21, 2017 8:56 pm
by hallsofvallhalla
Wow, thanks for the link! Very cool stuff here.

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Mon Aug 21, 2017 11:41 pm
by Kesstryl
GameMaster wrote: Interesting. This is run via browser http or in SSL?
I had to run it in http because for some reason I can't get the SSL certificate link to work, but it's easy to reset your browser to not use its proxy after you are done. I had the SSL problem with one of the other scanners too, but at least this one will scan without the SSL certificate on localhost, which is all I needed it for.

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Mon Aug 21, 2017 11:53 pm
by GameMaster
Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Tue Aug 22, 2017 3:39 pm
by Jackolantern
Nice! I will have to check this out.

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Mon Aug 28, 2017 8:37 pm
by Kesstryl
GameMaster wrote: Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
No, it's a separate installation, and there are instructions for getting your browser to work with the port that the application uses so the application can poke at your game. The instructions seem to work best for Firefox, and once you are done, if you can't get the SSL certificate to work, you can easily switch your browser back to its default setting so you can surf the web again. What I did was pull up my site in Firefox, then go through the changes to make Firefox listen to the port that Subgraph Vega uses, and once all my scans were done, I switched Firefox back to normal. Their website has instructions for doing all of this.

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Mon Aug 28, 2017 9:05 pm
by GameMaster
Thanks, do you have a specific link for those instructions? The general one on the site does not seem to involve what you are saying.

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Tue Aug 29, 2017 7:51 pm
by Kesstryl
GameMaster wrote: Thanks, do you have a specific link for those instructions? The general one on the site does not seem to involve what you are saying.
Their GitHub has detailed instructions; you can try those here: https://github.com/subgraph/Vega/wiki

Re: Hack your game to fix security issues: Subgraph Vega

Posted: Thu Aug 31, 2017 5:38 am
by GameMaster
Thank you kindly.