Project Abstract

Video games are becoming increasingly popular, overtaking other forms of media. As more games offer online services, securing a safe connection grows crucial for customer consumer data protection. This research focuses on creating an API for a generic non-realtime Player Vs Player game through contract-first API design. Previous research has explored securing APIs and increasing robustness, however few research projects have been conducted with the perspective of video game development. This study details generating key steps developers can execute to maximise robustness and security, that counter threats and problems arising from creating a game’s API. STRIDE threat modelling is utilised with failure mode and effect analysis to rank threats to the API. Rigorous software testing and input verification is implemented to evaluate robustness. Measuring these two criteria allowed the identification of the following generic stages of development execution: authenticating users to enables data modification, mandating an API key requirement for public API, limiting higher-privilege endpoints, and validation of all inputs. Implementing these steps, and actions following similar consideration, will increase security across the video game industry for both players and developers, encouraging future growth and sustainability.

Keywords: C# API, API Security, API Testing

 Conference Details

Session: Poster Session B at Poster Stand 48

Location: Sir Stanley Clarke Auditorium at Wednesday 8th 09:00 – 12:30

Markers: Tom Owen, Monika Seisenberger

Course: BSc Software Engineering FI, 3rd Year

Future Plans: I’m looking for work