Hack your game to fix security issues: Subgraph Vega

The place to ask questions about 3DStudio Max, Blender, Pro Motion, open source items, libraries, ect..
Post Reply
User avatar
Kesstryl
Posts: 202
Joined: Sat Sep 22, 2012 5:27 am

Hack your game to fix security issues: Subgraph Vega

Post by Kesstryl »

I tried installing several different vulnerability scanners, and this one was the only one that worked right out of the box for me. The application works by scanning your game, and trying to insert hacks to see if it can perform XSS and other types of hacking, then it shows a report of the security issues in your game. By using it, I was able to find out that though I set my cookies to httponly, it wasn't working as intended, and so I was able to implement a fix which did work. It was also helpful for me to find areas where the code had short tags on the game help pages (legacy game engine that I didn't write but am updating) which were echoing code and not the intended data. In addition to finding security holes in your game, it can also expose security holes in your server set up, which is really helpful if you run your own server and have access to the server ini and config files. I'm recommending this because I think it's important for game developers to have a tool for finding and fixing security issues with their games, and this one is easy to install and use. Here's the link to the Subgraph Vega site:

https://subgraph.com/vega/index.en.html
User avatar
GameMaster
Posts: 53
Joined: Fri Mar 28, 2014 8:14 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by GameMaster »

Interesting. This is run via browser http or in SSL?
User avatar
hallsofvallhalla
Site Admin
Posts: 12031
Joined: Wed Apr 22, 2009 11:29 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by hallsofvallhalla »

Wow thanks for the link! Very cool stuff here.
User avatar
Kesstryl
Posts: 202
Joined: Sat Sep 22, 2012 5:27 am

Re: Hack your game to fix security issues: Subgraph Vega

Post by Kesstryl »

GameMaster wrote:Interesting. This is run via browser http or in SSL?
I had to run it in http because for some reason I can't get the SSL certificate link to work, but it's easy to reset your browser to not use its proxy after you are done. I had the SSL problem with one of the other scanners too, but at least this one will scan without the SSL certificate on localhost, which is all I needed it for.
User avatar
GameMaster
Posts: 53
Joined: Fri Mar 28, 2014 8:14 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by GameMaster »

Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by Jackolantern »

Nice! I will have to check this out.
The indelible lord of tl;dr
User avatar
Kesstryl
Posts: 202
Joined: Sat Sep 22, 2012 5:27 am

Re: Hack your game to fix security issues: Subgraph Vega

Post by Kesstryl »

GameMaster wrote:Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
No, it's a separate installation, and there are instructions for getting your browser to work with the port that the application uses so the application can poke at your game. The instructions seem to work best for Firefox, and once you are done, if you can't get the SSL certificate to work, you can easily switch your browser back to its default setting so you can surf the web again. What I did was pull up my site in Firefox, then go through the changes to make Firefox listen to the port that Subraph Vega uses, and once all my scans were done, I switched Firefox back to normal. Their website has instructions for doing all of this.
User avatar
GameMaster
Posts: 53
Joined: Fri Mar 28, 2014 8:14 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by GameMaster »

Thanks do you have a specific link for those instructions the general one of the site does not seem to involve what you are saying.
User avatar
Kesstryl
Posts: 202
Joined: Sat Sep 22, 2012 5:27 am

Re: Hack your game to fix security issues: Subgraph Vega

Post by Kesstryl »

GameMaster wrote:Thanks do you have a specific link for those instructions the general one of the site does not seem to involve what you are saying.
Their Github has detailed instructions, you can try those here https://github.com/subgraph/Vega/wiki
User avatar
GameMaster
Posts: 53
Joined: Fri Mar 28, 2014 8:14 pm

Re: Hack your game to fix security issues: Subgraph Vega

Post by GameMaster »

Thank you kindly.
Post Reply

Return to “Programs/Assets/Libs/Open Source/Ect...”