CYBERSECURITY & GAMING
THE UNMISSABLE MARRIAGE
All Images used are Copyright® of their respective owners.
WHO’S
WHO ?
A BRIEF INTRODUCTION ABOUT MYSELF:
I’m THIS GUY here* -
>
YEAH … TRUE
STORY …I REALLY
DO ENJOY
WORKING …
AROUND THE
BUSH!
https://it.linkedin.com/in/fabriziocilli
www.linkedin.com/pulse/posts/fabriziocilli
* I know… I look much better in the picture …
FABRIZIO
CILLI
A BRIEF INTRODUCTION ABOUT MYSELF:
!
* Special Thanks: Mom and Dad.
18
An unforeseeable amount of
years of Happiness, Fulfillment
and Personal Growth ! :D :D
:D ***
** You don’t want to enter into details HERE. *** OPTIMISM is the scent of life!.
LATEST WORKS :
https://it.linkedin.com/in/fabriziocilli
www.linkedin.com/pulse/posts/fabriziocilli
https://www.slideshare.net/FabrizioCilli
A View on Cyber Security
2015
ISACA Call for Papers
Feeling Vulnerable is Good
2015
Dev:Mob Startup’ MeetUps
Dante’s, Is Coding A Divine Gift?
2017
Developers.NL MeetUp
A quick overview of
some key elements in
cybersecurity.
Dedicated to Battleship
Yamato’s glorious
history, a side view on
Vulnerability and Attack
Vectors.
A parallel between
Coding Security and
Dante Alighieri’s Divine
Comedy… held in
Florence of course!
WHY “CYBER” + “GAMING”
…WITH SO MANY BUZZWORDS AROUND …WHY CHOOSE ‘EM FOR THIS TALK?
CYBER IS COOL
GAMING TOO
WHY I CONSIDER
CYBER SECURITY
AND GAMING AS
CONVERGING
FORCES AND
ABILITIES ?
• ARE YOU LINKING THE
SAME DOT AS I AM ?
LET’S TAKE A DEEP
BREATH (…there’s much to
consider here…), THINK
OVER IT, THEN LET’S
DIVIDE AND CONQUER
TOGETHER!
CYBER SEC TOPICS
• Cybersecurity (Formerly
IT SEC OPS)
• DevSecOps (A hated
contraption)
• I.o.T. Security
GAMING DEV TOPICS
• Gaming Development
• DevOps (the beloved one…)
• Virtual Reality
• Gaming IoT Devices
… OF THE SPOTLESS CYBER
SECURITY EXPERT MIND …
… THE SPOTLESS GAMING
DEVELOPER MIND !
THE
…
FAST, CONTINUOUS DEV … IS KEY FOR
GAMING !
• Speed
• Unit Testing
• Bug Check
• Play Test
• Agile or Spiral ALMs
• Layered Approach
• Re-Use
• Industrialization
• Multi Platform Builds
• MVP
• Accelerated Build
• Fast Deploy
• Fast (Functional) Testing
• Fast Release
• Application Lifecycle
Management
Release Models Key Factors
Where’s NON-
FUNCTIONAL TESTING
?!?!
GIMME SOME
SECURITY !!!
NOW LET’S GET SERIOUS … SECURITY IS A
NEED !
• Gaming Network /
Endpoints
• Gaming Networks /
Endpoints
• User Phishing
• Direct Attacks
• Vulnerabilities and Patching
Obsolescence
• User Endpoints / Servers
• Falsification and theft of
virtual goods or data
• Deliberate and Traversal
Hacking Issues
• Trojans
• Man-made hacking
• Server Maintenance
Problem
• Identity Theft
Attack Types Attack Vectors
WHAT CAN GO WRONG ?
WHY BOTHER SO MUCH ? YOU’D BE SURPRISED !
https://blog.highfidelity.com/roadmap-protecting-intellectual-property-in-virtual-worlds-4388096d72c2
- What could go wrong, we’re just PLAYING!
- Never heard of Cryptocurrencies in gaming?
- Uhm, yeah I guess some of my swords are worth a few bucks now…
- How about I steal your account and sell them ALL?
- WhaAt? Not my Teebu's Blazing Longsword!
- Ohhh Yes! And even your friends lists and emails, in order to POWN them too!! Ahahah! So you’ll learn not to Secure your Code!
- NoooooOoOoOo … !!! You can’t be serious!
CYBERSECURITY FOR GAMING
What For…
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
…and Why
• …for that is the business’ core
• …for that is where you host your clients
• …for broken code is a skyfall
• …for they’re a thing now!
• Whatever you do, GDPR, NIS Directive and NIST… WILL find you!
CYBERSECURITY FOR GAMING
What For…
• Protect the Intellectual Property
• Protect the Infrastructure
• Avoid cross/internal attacks
• Protect digital currencies use
• Adhere to the National Defense Program, beyond boundaries
…and thanks to?
• DATA MANAGEMENT
• THREAT MANAGEMENT
• CODE & APP SECURITY TESTING
• EXTENDING PCI-DSS PRINCIPLES
• LOG, CORRELATE, CONTAIN, MITIGATE and REPORT BREACHES TIMELY
You don’t WANT to be the VECTOR of a DISASTER, EVER !
https://www.techworld.com/security/uks-most-infamous-data-
CODE & APPSEC FOR GAMING
SAST – Static Application Security Testing: Working closely with CD/CI infrastructures, it is timed to respond to the need to test before releasing. It also provides security awareness to your developers through a virtuous feedback and remediation mechanism, which can even be integrated with your IDE of choice.
DAST – Dynamic Application Security Testing: Performed by automated tools (less efficient) or, better, by direct testing, the dynamic test takes place when application chunks are released in their natural environment, making it the most accurate way to verify that the combination of application, hosting infrastructure and linked devices (IoT, in short) won’t allow an attacker to ruin your Secure
I’m sure you agree this is worthy…
DEVSECOPS FOR GAMING
Release management is necessarily an accelerated process, and so are the automation of DevOps infrastructure change management and automated provisioning.
It’s unthinkable to process all this without Security Orchestration to assure Patching, Golden Copies & Snapshots Updates and Vulnerability Management.
DevOps cannot thrive without SecOps
It’s a matter of working at speed… or working securely,
at speed !
Gaming Industry owes it To The Gamers!
I.O.T. SECURITY FOR GAMING DEVICES
A VERY QUICK SLIDE HERE…
• Should I mention Amazon ECHO ?
• Should I mention FitBit ?
• Maybe I should mention Connected
CARS?
• Sniper Rifles, maybe?
• Or just go back to STUXNET, Nuclear
Plants? You don’t WANT to be in THIS LIST… EVER !
https://www.embitel.com/blog/embedded-blog/security-challenges-faced-by-iot-
… FEW WHYs?
• LACK OF TESTING
• CROSS ATTACK VECTOR
• CROSS ATTACK VECTOR
• LACK OF TESTING
• LACK OF TESTING
I.O.T. SECURITY IS A SERIOUS AND VERY
INTIMATE MATTER !
THE LARGEST THREAT IN CYBER GAMING
ISSUES
YEAH I’M GOING TO DO IT … :
• PLAYSTATION NETWORK
• XBOX Live
• Battle.Net
• STEAM
• …
You don’t WANT to be in THIS LIST… EVER !
https://www.bestvpn.com/privacy-news/gaming-industry-leak/
…and yet I’m here to FIX not to
SCARE :
• Core Infrastructure Hack
• DDoS, Infrastructure Resilience
• DDoS on Web Frontend
Infrastructure
• Steam Stealer Malware plus a
number of previous attacks on
Users’ Endpoints
Not a blame game, but rather a wake-up call …
AWARENESS FOR
GAMERS…
…REMEMBER
THEY …PLAY
WITH YOUR
BUSINESS!
VIDEO GAMES AS A TRAINING TOOL TO
PREPARE THE NEXT GENERATION OF
CYBER WARRIORS
Christopher Herr, Dennis M. Allen - July 2015 - Cyber Workforce Development (CWD)
Carnegie-Mellon University – Software Engineering Institute
To summarize, the “UNMISSABLE” marriage of Cybersecurity and Gaming is a two-way
process. Since 2015 we have measured an explosive growth in attacks against the Gaming
Industry, while on the other side we lack the right amount of Cyber professionals to
defend it. A Virtuous Exchange is due to compensate for that!
https://resources.sei.cmu.edu/asset_files/Presentation/2015_017_001_4
LIFE IS
SHORT
…
…LEAVE
YOUR
MARK !
WILL YOU
MARRY ME ?
- I think I can finally understand how much it is important to stay Secure!
- Oh my… this change of heart is very touching Guile…
- Our customers, the “sap” of our online business!
- Would you marry me, and keep that promise for me?
- Not just for ourselves, but also for those we oath to protect!
- Chun-Li, it SOUNDS GOOD.
LONG STORY SHORT …
The marriage of Cyber Security and Gaming
Dev (including all the Gaming
Infrastructures you can think of) is
indeed an unmissable one, built
to last.
Secure By Design is the fundamental
Oath that should be our last thought
before sleep…
LIVE LONG AND PROSPER.
ANY QUESTION
?! HUH ?!