40 likes | 44 Views
OWASP Plan – Security Assurance Testing of Virtual Worlds (SATVW). Rick Zhong rick.zhong@gmail.com +65 91838260. Oct 2009. Overview. Issue: Increasing impact of security issues in virtual world applications and environments
E N D
OWASP Plan – Security Assurance Testing of Virtual Worlds (SATVW) Rick Zhong rick.zhong@gmail.com +65 91838260 Oct 2009
Overview • Issue: • Increasing impact of security issues in virtual world applications and environments • No structured approach to identify and assess the security status of Virtual Worlds • Generic application security practice used and it is very similar to web application security 5 years ago. • Solutions: A security testing framework/guideline specific to Virtual World applications and environments.
Objectives • Create a security testing framework specific to Virtual World related applications (MMORGs) and environments. • The targeted audience groups • Developers • Create more secure and robust virtual worlds • End-users (individual players or companies) • Use the framework as a quick checklist to make sure the virtual worlds they dedicate their time, efforts and money have a proper layer of security protection. • Third-party assessors (consultants, auditors and reviewers engaged to evaluate a virtual world application/environment) • Use the framework as a guideline for their evaluation and testing.
Future Plans • Initiation (Jan 2010 to Mar 2010) • Call for community participation • Assemble the project team • First Draft Version (Apr 2010 – Sep 2010) • First Release (by Dec 2010 )