Evaluate and Protect

There is no silver bullet for game security. We start with a threat-model approach that identifies the assets at risk and the paths to them, then focus on exploiting those paths first, before threat actors get to them.

Hands On Security

We take a hands-on approach to examine workflows surrounding your game and its core features to ensure they are free of security defects or unintended features that could be abused to gain an unfair advantage. Let us find the exploits first to protect:
- Integrity of gameplay loops
- Integrity of economic models
- Confidentiality of data
- Integrity of data
- Availability of gameplay services
- Reputation of your company and its stakeholders

Methodology

With our hands-on approach we take an adversarial perspective to find weaknesses and exploits in your game, its underlying infrastructure, and the risks it may pose to your players. When a game launches it feels like a gold rush to threat actors. The first one to find an exploit is able to maximize their profits, notoriety, or destructive trolling.

Over the years we have created custom tools to reverse engineer game clients, uncover what makes them tick at a very low level, and discover exploits at the binary protocol level. Such exploits typically lead to economic inflation, server denial of service, client remote code execution, and a path to quickly create automation bots.

We discover the exploits and weaknesses first, so they can be safeguarded to ensure your players can thrive without disruption.

A Comprehensive Approach

By using an adversarial threat model with a hands-on assessment of the security posture of your game, Overflow can help make sure that your game's path to success isn't disrupted by hackers looking to profit or trolls looking to disrupt your players. The following are some domains of security that Overflow specializes in:

Economic Security

Data race conditions, arithmetic issues, and authorization are the leading causes of in-game exploits that affect economies. Duplication glitches, sink/faucet and trading mechanic issues, and authorization issues are the most common types of exploits that lead to broken economies.

Infrastructure Security

Whether your game sits on infrastructure that is self-hosted, in the cloud, on a SaaS platform, or any combination of these, Overflow can review the configuration of the services that power your game to ensure there are no oversights or gaps in security configurations.

Game Client Security

Game clients process data relayed by other game clients. What if other game clients are sending malicious data? Overflow can evaluate what risks game clients pose to gamers' computers by ensuring the latest best practices are being used to protect runtimes and help detect game client tampering.

Server Logic Security

The server is in charge of the game state and is the arbiter of commands that are taken and sent to game clients. Overflow can help ensure that the server logic cannot be abused to inject unintended behaviors that can be used to craft game-breaking exploits.

Authentication

Client-server games are complex machines. They can process hundreds of unique commands. Authentication models need to be in place and enforced to make sure that broken authentication cannot be used to exploit the underlying game they are supposed to protect.

Authorization

Game administrators, players, NPCs, API keys, and third-party integrations all need levels of authorization to interact with the game. Are authorization levels set and enforced properly? We can test and ensure that threat actors cannot abuse gaps in authorization enforcement to gain a foothold to find devastating exploits.

Custom Tailored

Protect your gamers, the reputation of the game, and your stakeholders. Overflow offers a custom tiered approach to meet your game's security needs.

Tiers

Tier 1: Comprehensive
A tier 1 assessment covers the game client, game server, and underlying infrastructure.

Tier 2: Hybrid
A tier 2 assessment covers the server game logic against economic exploits or unintended functionality that could be abused by threat actors. The impact of maliciously relayed game messages from game clients to other game clients is evaluated to ensure the safety of players' host machines is not compromised.

Tier 3: Server Game Logic
A tier 3 assessment focuses on the game logic processed by the server. This helps protect your players from economic exploits or game server abuse via authorization/authentication enforcement gaps along with potential denial of service scenarios that abuse game logic to cause server crashes or other undefined behavior.

Ready To Get Started?
Talk To Us Today

It starts with a phone call and ends with a more secure game for your players.