This document discusses the convergence of cybersecurity and gaming. It argues that cybersecurity and gaming development share principles like the need for fast, continuous development and deployment. However, gaming also introduces security risks like the theft of user accounts and digital goods. To address these risks, the document recommends integrating cybersecurity practices into gaming development like application security testing, extending PCI security standards to gaming, and ensuring proper IoT security for connected gaming devices. Overall, the document frames cybersecurity and gaming as an "unmissable marriage" where both fields can learn from each other to better secure games and gamers.
3. A BRIEF INTRODUCTION ABOUT MYSELF:
I’m THIS GUY here*
YEAH … TRUE STORY … I REALLY DO ENJOY WORKING … AROUND THE BUSH!
FABRIZIO CILLI
https://it.linkedin.com/in/fabriziocilli
www.linkedin.com/pulse/posts/fabriziocilli
* I know… I look much better in the picture …
4. A BRIEF INTRODUCTION ABOUT MYSELF:
* Special Thanks: Mom and Dad.
18
An unforeseeable amount of years of Happiness, Fulfillment and Personal Growth! :D :D :D ***
** You don’t want to enter into details HERE.
*** OPTIMISM is the scent of life!
5. LATEST WORKS :
https://www.slideshare.net/FabrizioCilli
• A View on Cyber Security (2015, ISACA Call for Papers): A quick overview of some key elements in cybersecurity.
• Feeling Vulnerable is Good (2015, Dev:Mob Startup’ MeetUps): Dedicated to Battleship Yamato’s glorious history, a side view on Vulnerability and Attack Vectors.
• Dante’s, Is Coding A Divine Gift? (2017, Developers.NL MeetUp): A parallel between Coding Security and Dante Alighieri’s Divine Comedy… held in Florence of course!
6. WHY “CYBER” + “GAMING”
…WITH SO MANY BUZZWORDS AROUND …WHY CHOOSE ‘EM FOR THIS TALK?
8. WHY I CONSIDER CYBER SECURITY AND GAMING AS CONVERGING FORCES AND ABILITIES?
• ARE YOU LINKING THE SAME DOTS AS I AM?
LET’S TAKE A DEEP BREATH (…there’s much to consider here…), THINK IT OVER, THEN LET’S DIVIDE AND CONQUER TOGETHER!
9. CYBER SEC TOPICS
• Cybersecurity (Formerly IT SEC OPS)
• DevSecOps (A hated contraption)
• I.o.T. Security
GAMING DEV TOPICS
• Gaming Development
• DevOps (the beloved one…)
• Virtual Reality
• Gaming IoT Devices
10. THE … OF THE SPOTLESS CYBER SECURITY EXPERT MIND … THE SPOTLESS GAMING DEVELOPER MIND!
11. FAST, CONTINUOUS DEV … IS KEY FOR GAMING!
• Speed
• Unit Testing
• Bug Check
• Play Test
• Agile or Spiral ALMs
• Layered Approach
• Re-Use
• Industrialization
• Multi Platform Builds
• MVP
• Accelerated Build
• Fast Deploy
• Fast (Functional) Testing
• Fast Release
• Application Lifecycle Management
Release Models | Key Factors
Where’s NON-FUNCTIONAL TESTING ?!?!
GIMME SOME SECURITY !!!
12. NOW LET’S GET SERIOUS … SECURITY IS A NEED!
• Gaming Network / Endpoints
• Gaming Networks / Endpoints
• User Phishing
• Direct Attacks
• Vulnerabilities and Patching Obsolescence
• User Endpoints / Servers
• Falsification and theft of virtual goods or data
• Deliberate and Traversal Hacking Issues
• Trojans
• Man-made hacking
• Server Maintenance Problem
• Identity Theft
Attack Types | Attack Vectors
13. WHAT CAN GO WRONG ?
WHY BOTHER SO MUCH ? YOU’D BE SURPRISED !
https://blog.highfidelity.com/roadmap-protecting-intellectual-property-in-virtual-worlds-4388096d72c2
What could go wrong, we’re just PLAYING!
Never heard of Cryptocurrencies in gaming?
Uhm, yeah I guess some of my swords are worth a few bucks now…
How about I steal your account and sell them ALL?
WhaAt? Not my Teebu's Blazing Longsword!
Ohhh Yes! And even your friends lists and emails, in order to POWN them too!! Ahahah! So you’ll learn not to Secure your Code!
NoooooOoOoOo … !!! You can’t be serious!
14. CYBERSECURITY FOR GAMING
What For…
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
…and Why
• …for that is the business’ core
• …for that is where you host your clients
• …for broken code is a skyfall
• …for they’re a thing now!
• Whatever you do, GDPR, NIS Directive and NIST… WILL find you!
15. CYBERSECURITY FOR GAMING
What For…
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
…and thanks to?
• DATA MANAGEMENT
• THREAT MANAGEMENT
• CODE & APP SECURITY TESTING
• EXTENDING PCI-DSS PRINCIPLES
• LOG, CORRELATE, CONTAIN, MITIGATE and REPORT BREACHES TIMELY
You don’t WANT to be the VECTOR of a DISASTER, EVER!
https://www.techworld.com/security/uks-most-infamous-data-
16. CODE & APPSEC FOR GAMING
SAST – Static Application Security Testing: Working closely with CD/CI infrastructures, it is timed to respond to the need to test before releasing. It also provides Security Awareness to your developers thanks to a virtuous feedback and remediation mechanism, even integrated with your IDE of choice.
DAST – Dynamic Application Security Testing: By Automated Tools (less efficient) or, better, by direct testing, the Dynamic Test takes place when application chunks are released in their natural environment, making it the most accurate way to verify that the combination of Application, Hosting Infrastructure and linked Devices (IoT for short) won’t allow an attacker to ruin your Secure
I’m sure you agree this is worthy…
17. DEVSECOPS FOR GAMING
Release Management is necessarily an accelerated process, and so are the automation of DevOps infrastructure change management and automated provisioning.
It’s unthinkable to process all this without Security Orchestration to assure Patching, Golden Copies & Snapshots Updates and Vulnerability Management.
DevOps cannot thrive without SecOps.
It’s a matter of working at speed… or working securely, at speed!
Gaming Industry owes it To The Gamers!
18. I.O.T. SECURITY FOR GAMING DEVICES
A VERY QUICK SLIDE HERE…
• Should I mention Amazon ECHO ?
• Should I mention FitBit ?
• Maybe I should mention Connected CARS?
• Sniper Rifles, maybe?
• Or just go back to STUXNET, Nuclear Plants?
You don’t WANT to be in THIS LIST… EVER!
https://www.embitel.com/blog/embedded-blog/security-challenges-faced-by-iot-
… FEW WHYs?
• LACK OF TESTING
• CROSS ATTACK VECTOR
• CROSS ATTACK VECTOR
• LACK OF TESTING
• LACK OF TESTING
20. THE LARGEST THREAT IN CYBER GAMING
ISSUES
YEAH I’M GOING TO DO IT … :
• PLAYSTATION NETWORK
• XBOX Live
• Battle.Net
• STEAM
• …
You don’t WANT to be in THIS LIST… EVER !
https://www.bestvpn.com/privacy-news/gaming-industry-leak/
…and yet I’m here to FIX not to SCARE:
• Core Infrastructure Hack
• DDoS, Infrastructure Resilience
• DDoS on Web Frontend Infrastructure
• Steam Stealer Malware plus a number of previous attacks to Users Endpoints
Not a Blame-Game, but better a wake-up call …
22. “VIDEO GAMES AS A TRAINING TOOL TO PREPARE THE NEXT GENERATION OF CYBER WARRIORS”
Christopher Herr, Dennis M. Allen - July 2015 - Cyber Workforce Development (CWD)
Carnegie-Mellon University – Software Engineering Institute
To summarize, the “UNMISSABLE” marriage of Cybersecurity and Gaming is a two-way process. Since 2015 we have measured an explosive growth in attacks against the Gaming Industry, and on the other side we lack the right amount of Cyber professionals to defend it. A Virtuous Exchange is due to compensate for that!
https://resources.sei.cmu.edu/asset_files/Presentation/2015_017_001_4
24. WILL YOU MARRY ME?
I think I can finally understand how much it is important to stay Secure!
Oh my… this change of heart is very touching Guile…
Our customers, the “sap” of our online business!
Would you marry me, and keep that promise for me?
Not just for ourselves, but also for those we oath to protect!
Chun-Li, it SOUNDS GOOD.
25. LONG STORY SHORT …
That of Cyber Security and Gaming Dev (including all the Gaming Infrastructures you can think of) is indeed an unmissable marriage, built to last.
Secure By Design is the fundamental Oath we should hold as our last thought before sleep…
LIVE LONG AND PROSPER.