Hack your game to fix security issues: Subgraph Vega
I tried installing several different vulnerability scanners, and this one was the only one that worked right out of the box for me. The application works by scanning your game, and trying to insert hacks to see if it can perform XSS and other types of hacking, then it shows a report of the security issues in your game. By using it, I was able to find out that though I set my cookies to httponly, it wasn't working as intended, and so I was able to implement a fix which did work. It was also helpful for me to find areas where the code had short tags on the game help pages (legacy game engine that I didn't write but am updating) which were echoing code and not the intended data. In addition to finding security holes in your game, it can also expose security holes in your server setup, which is really helpful if you run your own server and have access to the server ini and config files. I'm recommending this because I think it's important for game developers to have a tool for finding and fixing security issues with their games, and this one is easy to install and use. Here's the link to the Subgraph Vega site:
https://subgraph.com/vega/index.en.html
- GameMaster
- Posts: 53
- Joined: Fri Mar 28, 2014 8:14 pm
Re: Hack your game to fix security issues: Subgraph Vega
Interesting. This is run via browser http or in SSL?
- hallsofvallhalla
- Site Admin
- Posts: 12023
- Joined: Wed Apr 22, 2009 11:29 pm
Re: Hack your game to fix security issues: Subgraph Vega
Wow thanks for the link! Very cool stuff here.
Re: Hack your game to fix security issues: Subgraph Vega
GameMaster wrote: Interesting. This is run via browser http or in SSL?
I had to run it in http because for some reason I can't get the SSL certificate link to work, but it's easy to reset your browser to not use its proxy after you are done. I had the SSL problem with one of the other scanners too, but at least this one will scan without the SSL certificate on localhost, which is all I needed it for.
- GameMaster
- Posts: 53
- Joined: Fri Mar 28, 2014 8:14 pm
Re: Hack your game to fix security issues: Subgraph Vega
Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: Hack your game to fix security issues: Subgraph Vega
Nice! I will have to check this out.
The indelible lord of tl;dr
Re: Hack your game to fix security issues: Subgraph Vega
GameMaster wrote: Kesstryl, thanks for your reply. So you upload to your public folder like http://www.yourdomain.com/vega/ and then point your browser to it?
No, it's a separate installation, and there are instructions for getting your browser to work with the port that the application uses so the application can poke at your game. The instructions seem to work best for Firefox, and once you are done, if you can't get the SSL certificate to work, you can easily switch your browser back to its default setting so you can surf the web again. What I did was pull up my site in Firefox, then go through the changes to make Firefox listen to the port that Subgraph Vega uses, and once all my scans were done, I switched Firefox back to normal. Their website has instructions for doing all of this.
- GameMaster
- Posts: 53
- Joined: Fri Mar 28, 2014 8:14 pm
Re: Hack your game to fix security issues: Subgraph Vega
Thanks. Do you have a specific link for those instructions? The general one of the site does not seem to involve what you are saying.
Re: Hack your game to fix security issues: Subgraph Vega
GameMaster wrote: Thanks. Do you have a specific link for those instructions? The general one of the site does not seem to involve what you are saying.
Their GitHub has detailed instructions; you can try those here: https://github.com/subgraph/Vega/wiki
- GameMaster
- Posts: 53
- Joined: Fri Mar 28, 2014 8:14 pm