OWASP Plan – Security Assurance Testing of Virtual Worlds (SATVW) Rick Zhong rick.zhong@gmail.com +65 91838260 Oct 2009

Overview Issue: Increasing impact of security issues in virtual world applications and environments No structured approach to identify and assess the security status of Virtual Worlds Generic application security practice used and it is very similar to web application security 5 years ago. Solutions: A security testing framework/guideline specific to Virtual World applications and environments.

Objectives Create a security testing framework specific to Virtual World related applications (MMORGs) and environments. The targeted audience groups Developers Create more secure and robust virtual worlds End-users (individual players or companies) Use the framework as a quick checklist to make sure the virtual worlds they dedicate their time, efforts and money have a proper layer of security protection. Third-party assessors (consultants, auditors and reviewers engaged to evaluate a virtual world application/environment) Use the framework as a guideline for their evaluation and testing.

Initiation (Jan 2010 to Mar 2010) Future Plans Initiation (Jan 2010 to Mar 2010) Call for community participation Assemble the project team First Draft Version (Apr 2010 – Sep 2010) First Release (by Dec 2010 )