Authors: Rinkesh Nagmoti, Sam Chung, Barbara Endicott-Popovsky
The purpose of this paper is to introduce software security for online games at two levels: first at the programming level and second at the web service level. Increasingly game developers are providing their games online, employing web services; however, security threats evolve with the use of web services in such applications which is a great challenge for game developers. The roadblock to providing secure game applications is the lack of understanding of secure coding concepts by game programmers. In this paper we propose the 5W1H re-documentation technique and the use of the Scrum agile software development methodology in a reengineering process to educate game programmers concerning secure coding concepts. The authors first prove how insecure coding can affect the gaming industry by introducing an example of an insecure game login application. Then the same login application is re-documented and reengineered with secure coding concepts. The reengineered application is then tested for security threats.