Game Server security

10 comments, last by Dave Weinstein 11 years, 1 month ago

Thank you for your answer Kylotan!

I did all the things you said. All I wanted was a list as you gave it to me :)

I handle exceptions with a try-catch block, and in the catch block it writes the exception to the debug log.

Divide the problem into two areas.

Cheating issues are in general threats to game integrity. If someone has a wall hack, or a teleport cheat, or has found an item-duplication bug in an MMO, these are threats to the integrity of the game as a game, but not to the security of the server itself.

Security issues are those in which an attacker has the ability to control the server (whether by running arbitrary code or simply causing the server to be unavailable).

I'm going to completely ignore game integrity issues in this post.

Picture a Venn diagram of two circles. One is "Specified Server Functionality", the other is "Actual Server Functionality". The area that is in the first circle but not the second is an easily quantifiable bug. "The quest is supposed to end when I have recovered the McGuffin, and it doesn't".

What is more interesting is the case where instead of failing to execute specified behavior, the code executes behavior that wasn't specified one way or another. This is (in general) where you are going to find your security bugs.

The best way to find networking security bugs is to use a tool called a fuzzer. A network fuzzer will generate large amounts of deliberately malformed data, and monitor the server for failure. Especially since you already know C#, I'd recommend getting a copy of Peach 3 (it's free), and setting up a network fuzzer against your server.

The goal is that fuzzing should do nothing beyond generating your *designed* "hey, I got an invalid message" behavior. Anything else is a problem.
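The pass/fail rule in the post above, as an added sketch that is not from the thread and is not Peach: a small in-process mutation fuzzer in Python run against a parser for a made-up packet format. The format (`u8` type, `u16` length, payload), the `parse` function and its `strict` flag are all constructed for illustration; `strict=False` leaves two undesigned exception paths open so the harness has something to find.

```python
import random
import struct

class InvalidMessage(Exception):
    """The designed 'hey, I got an invalid message' outcome."""

def parse(data, strict):
    """Constructed packet format: u8 type, u16 big-endian length, payload."""
    try:
        if len(data) < 3:
            raise InvalidMessage("short header")
        kind, length = struct.unpack(">BH", data[:3])
        if length != len(data) - 3:
            raise InvalidMessage("length mismatch")
        if kind == 1:                        # chat: UTF-8 text
            return "chat", data[3:].decode("utf-8")
        if kind == 2:                        # move: two signed 32-bit ints
            return ("move",) + struct.unpack(">ii", data[3:])
        raise InvalidMessage("unknown type")
    except (UnicodeDecodeError, struct.error) as exc:
        if not strict:
            raise                            # unhardened: undesigned exception escapes
        raise InvalidMessage(str(exc)) from exc

def mutate(seed, rng):
    """Overwrite a byte, truncate, or append junk to a valid message."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:
        del buf[rng.randrange(len(buf) + 1):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)

def fuzz(strict, rounds=5000, rng_seed=1):
    """Return (input, exception name) for every outcome that was not designed."""
    rng = random.Random(rng_seed)
    seeds = [b"\x01\x00\x02hi", b"\x02\x00\x08" + struct.pack(">ii", 3, -4)]
    findings = []
    for _ in range(rounds):
        data = mutate(rng.choice(seeds), rng)
        try:
            parse(data, strict)
        except InvalidMessage:
            pass                             # designed rejection: not a finding
        except Exception as exc:             # anything else is a problem
            findings.append((data, type(exc).__name__))
    return findings
```

Each entry returned by `fuzz(strict=False)` is a reproducer to replay while fixing the parser; `fuzz(strict=True)` returning an empty list is the state the post describes as the goal.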
