'The Vulnerability'Game Development Project

Game Development Project

In Sri Lanka there is no powerful Cybercrime or Information Security Department to get a proper knowledge about these attacks. As a developing Country, now in Sri Lanka they are begins to arrange lectures, summits and other relational meetings to prevent attacks, but there no one is teach them how the attacks were performed, so many people are suffering from the cyber-attacks or computer security breaches.

Therefor the aim of this project is to develop a web base most useful and powerful game to learn about attacks and change the way of thinking of a person to prevent those attacks. If you search on the internet you can find out lots of computer security related games all around the world, and they are not providing the sufficient information about how the attacks were really performed. In those products most of the attacks are performed when you clicked a button, sometimes these actions even not possible to perform in real world. Because of this misdirection and to give real knowledge about attacks, I thought to develop a game that can give knowledge to people to prevent attacks from attackers. This is the first computer security related game ever developed in Sri Lanka.

According to the research I have been carried out, by using different sources like magazines, blogs, articles and etc. Cyber Crime or in other words Computer security breaches growing rapidly in the world. The estimated annual cost due to the cybercrimes or computer security breaches has been 100 billion dollars and increasing. The main reasons for these attacks is that no one knows how these attacks are performed or there is no enough knowledge to stop these kind of attacks.

The latest cybercrime statistics and trends according to the different sources as follows

Figure 1 - Cybercrime Statistics ' Info-Graphic

Figure 2 - Estimate Victim Count Figure 3 - Data Breach Statistics

Figure 4 - Bank Fraud Statistics Figure 5 - Victim by Gender
The proposed game will help to get proper idea, knowledge about the attacks, how they were performed, how to prevent the attacks, how to identify the vulnerabilities or counter measure points that helps for perform an attack. By playing this game you can increase your knowledge about attacks. In this game you need to perform the attack by doing a research about it. The advantage is the user or player will get the full knowledge about the attack and player will get knowledge, skill to think how to prevent particular and different type of attacks, by performing those attacks by them self.

Figure 6 - High Ranked Attacks in Sri Lanka

In Sri Lanka there is no powerful Cybercrime or Information Security Department to get a proper knowledge about these attacks. As a developing Country, now in Sri Lanka they are begins to arrange lectures, summits and other relational meetings to prevent attacks, but there no one is teach them how the attacks were performed, so many people are suffering from the cyber-attacks or computer security breaches. Therefor I'm trying to develop a most useful and powerful game to learn about attacks and change the way of thinking of a person to prevent those attacks. If you search on the internet you can find out lots of computer security related games all around the world, and they are not providing the sufficient information about how the attacks were really performed. In those products most of the attacks are performed when you clicked a button, sometimes these actions even not possible to perform in real world. Because of this misdirection and to give real knowledge about attacks, I thought to develop a game that can give knowledge to people to prevent attacks from attackers. This is the first computer security related game ever developed in Sri Lanka.

This game project will develop a web application that player act as an analyser, researcher or intruder. It includes,

' Details of network devices (Router, Firewalls, Switch)

Most of the users don't know anything about network devices. So how can we prevent from attack without knowing how it works? We need to know about the network devices like what is a router? What does it do? How the data travels between the routers and computers? What are firewall? What are they cable of? What can we do with network devices? Likewise we need to know much about network devices before us going to prevent attack. So from this game you have a knowledge of some particular network device types and how it works.

' Different type of network diagrams

After learning about network devices you would understand the whole internet is an interconnected network using different type of network devices. These network is not connect as a mess up connection. Each and every group of computers are maintains a network diagram. How data transfer with the organization or any the party. Where do we need to put network devices like firewalls, routers, switches and etc.? Actually it's a path of the data travels. So you need to learn about different type of network diagrams to prevent attacks. At the end of the day you will understand how design a network diagram that will give a challenge to the intruders or hackers.

' Weaknesses of Operating Systems

The computer user always think the vulnerabilities are in the network, but do you know no matter how much your network is secured intruder can defeat you by having simple vulnerability in your operate system. So while you are playing this you will learn what are the vulnerabilities in the operating systems, how to identify a vulnerability and how to patch those vulnerabilities.

' How to prevent attacks

While you learning how all the attacks happening at one stage you will have protect from the another massive attack in the game. At that point you will understand how the attacks are performed and you will learn how to prevent from those attacks like by doing load balancing, IDS handing and lot more techniques.

' Cybercrime law

It's very important to know how the cybercrime low will acts on any illegal actions done by over internet. By learning this you will have a knowledge to know what the illegal things in the internet.

' Penetration testing tools

By playing this game you will you understand how to do a Penetration testing for your network? Then you can patch all the vulnerabilities and to make your network designs security as a stronger one.

' Details of attacks and attack types
While you are playing you will get to know about attacking techniques and different type of attacking types. You will learn most popular and dangerous attacks type and how they work then you will have the overall knowledge to prevent from that kind of attack.
1.4.1 GOALS
The goal of this game development project is to develop a web based game in order to give proper knowledge of attacks, how they were performed, to change the thinking pattern of a human to prevent those attacks, give possible solutions about preventing attacks and details about related devices, tools etc.


' To study the concepts of attacks with pros and cons
' To gather requirements from web sites, security magazines, experts, victims, blogs and from ethical hacking students.
' To study technologies such as web based, deductive reasoning and rapid development environment that can create the game
' To plan and design the proposed game with the use of rapid development environment.
' To ensure that end user or player have the exact prototype output with high quality
' To complete the prototype within the given time period
' To create good knowledgeable person to the IT industry
' To minimize the internet security breaches in the world
' To be recommended game for the computer security students

Chapter 01
Introduction gives a project background, motivation of the project, project scope, aims and objectives and overview of the chapters.

Chapter 02
Requirements Analysis and Specification includes a requirements analysis and specification which provides further details on the game prototype to be developed.

Chapter 03
Literature Review discusses similar games and gives the differences between other games and this game

Chapter 04
Design comprises the game design document, in which key areas of concept, Database and user Interface designs are specified.

Chapter 05
Implementation delivers an introduction of the implementation, software requirements, hardware requirements, codes of main sections and re-usable elements.

Chapter 06
Evolution and Testing defines how the game was tested using different methods and the outcomes of the assessment. This includes introduction, test methods, test plan and test cases.

Chapter 07
Evaluation documents an evaluation of the final prototype game, discussing how well the implementation of tactics are working

Before begins the development of the game its need a requirement analysis to be done. This game 'The Vulnerability' should build up by gathering information and need to be clarify the requirement of knowledge, which outputs from the game to the targeted users. Rather than this reason the main one is it's a very important process that we need follow when we following the web development life cycle.

Using the web development life cycle, it's very important to build up the game development project according to the required requirements. If we gathered wrong information and wrong requirements, the game development will be build up with incorrect information. This kind of action can be cause to build up an invaluable useless product. To prevent these kind of problems we need to do the requirement analysis very carefully and need to verify the exact requirements that need to be achieve by developing this game project.

This will explain more details about analysis of the problem implementing the game prototype 'The Vulnerability'. This analysis will cover the high-level functional and the non-functional requirements of the game to be developed. In addition, a number of software development methodologies will be considered for use in the design and implementation of the game. The most apposite methodology will be selected, based on its appropriateness in realizing the game requirements.

The proposed game has to be develop according to the facts that gathered during the requirement analysis process. So before starting the development process the requirement analysis part has to be carried out and it is take major part of the project successes. Before gathering the facts I do some research and I list down the targeted users for the above game development project. The game can be play by anyone who interested to the ethical hacking field. Mainly following people are identified as the main targeted users for game 'The Vulnerability'. CSCU, CEH, CHFI, network administrators and other qualified Security and network Engineers.

Satisfying the above targeted users and the requirements is the main goal of the proposed game development project. To find out the environment of the game, I have to gather the information regarding the environment to choose a friendly and easy environment for the game development project. I have following methods to gather the information from above mentioned users.

I have carried out some interviews with CEH qualified people, Network Administrators and other professional IT administrators and I also took some discussions in an IT related forms. By doing all these researches I have been clarified the problems, required limit of the knowledge and other suggestions. The following outcomes are from the interviews and the discussions,

' Using real commands for the game is really good and also have a risk
' Create basic to advance methods of computer security level by level
' Method to monitor who plays the game
' Give small hints if player cannot do it
' Create levels using real scenarios
' Using command lines and commands, to execute actions are really knowledgeable and more effective than pressing a graphical button in game
' Use an environment that any user can play in different operating systems.

Reviewing documents, books, publishes are very important when you using real scenarios for the game development project. My intent is to provide knowledge in real attacks and to create player minds to think different or in other words look in to a problem in different way and try to solve it. So to get more information, I followed some documents and publishes to get the following details.

' Basic attack methods
' Advance attack methods
' Network security implementations
' Firewall behaviours
' Windows architecture and security
' Linux Systems
' Real commands
' Penetrating Tools
' Internet and Cyber Security Law

Observations were carried out by visiting to a company when the penetration testing were in process carried out by professionals. I have been monitored every process when the testing's are in process. How the attacks were in process, how to identify the vulnerabilities, how to solve the problems and the legal agreements and etc. By observing these process I have manage to exact some methods that can help me to build up some levels in the game development.

While I'm been all those above process, I managed to ask some series of questions from other parties like personal friends, students who doing computer security as their major subject. I manage to get some successful answers about the game development project and the commands and tools that I can use in my game.

By doing all above facts gathering methods I have choose the web platform to create develop the game. It is going develop using HTML5, CC3, JavaScript, PHP, MySQL and other languages and different methods. It can be a challenge to create a game like this in a web platform.

' Anyone can access to game 'The Vulnerability' from anywhere in the world using a web browser
' User can contact rich multimedia works
' Providing online information and knowledge ' 'The vulnerability' game development project will give out more accurate and real information about attacks and methods to prevent those attacks.
' User can give feedback and can make inquires
' The admin can monitor the players who played the game using IP addresses
' Email subscriptions

' The game should include accurate and actual information
' The game provides security
' User friendly environment
' Easy configuration
' Trustworthy communication technology

In software or web developing projects we have to control, monitor the development activities of the analysis, designs, implementations, testing and maintenance. There are different type of frameworks for structuring the development process according to the requirements. They are normally called as 'Software Development Methodologies'. In this section few major methodologies and decides the best suitable methodology for this project.


Figure 7 - Waterfall Model
The waterfall model is the most well-known methodology in the software development industry. It's a sequential design process that use very often in the software industry. This progress is flowing progressively downwards like a waterfall. The waterfall is flows as above in the picture (Figure 7). This model can be work if the plan goes exactly as you planed but unfortunately in software development industry it's totally different. According to this model design has to be finished before the implementation and all the features has to be finished before the testing. If the requirements are not understood to the developers or if developers unfamiliar to certain aspects of the application the outcome can be cause a problem that undetectable for long time. PROTOTYPING

Figure 8 - Prototyping

Prototyping takes a less structured methodology than the waterfall model I described earlier. It Developer will start the developments by using general requirements. Developer perform a quick design face for the related project and build up a prototype of the related project. By throwaway the prototype the developer can collect more requirements from the users for build up the final product. Developer will continue the prototype production until developer get the full idea of the user requirements. This method is good if there are lots of unknowns about how the best approach or even the practicability of the project. INCREMENTAL DEVELOPMENT

Figure 9 - Incremental Development

Incremental development methodologies try to link the crack among the waterfall approach and the prototype approach. By using Incremental development approach, the desired functionality of the project breaks into groups that are manageable to carry out the full software development cycle for each subcategory of functionality. The primary version of the project will developed by using highest priority features and further increments will add to the project until developer meets the exact requirements. The benefit of using this methodology is that problem in designing or implementation can be identified earlier and while the full project is under develop still it allow for identify the semantic errors in the code and time is saved bring down bugs months later. The lessons learned from the increment can assist to improve the effectiveness in the next sub process.

While considering the facts and the requirements of this project I need to choose a correct methodology by considering the implementation details and the project requirements. By considering all the facts and details the methodology for this game development project is a hybridization of the waterfall and the incremental development approaches.

I have already carried out a requirement analysis phase, by studding these requirements the initial game design will be carry out and can design details of the each levels. Detailed design, implementation and unit testing of levels will take place in an iterative cycle, with each cycle realize some subset of the overall game requirements. At the end of the incremental process, full system testing and evaluation of the game will be carried out as the waterfall model.

According to the requirements list out so far, it should be straight forward to divide the game levels into subsets. The content and the duration of each level cycle will be decided in the project plan. Each game level of cycle are willing to bring out the functions of the game. It is hoped that presence of the incremental approach will help to identify the mistakes and slips in the requirements or important implemental problems earlier in this game development project. It's very important to balance the time and allocate the time for each cycle. The time should allocate for these cycle by deducting the time that required to test and evaluate the entire final prototype. (Due to the time duration the full complete game cannot be done according to this timeline. So the overall game prototype will be produced during these time period)

In order to understand the concepts and procedures of particular field game developments and the competitors' game developments, I have carried out a research on the internet. According to my research I have found many web based and pc based application similar to my project. All the games are about hacking systems. I have point out two major applications that are most popular than other mini games. But none of this game use any real commands and sometimes there are some attacks that never done in a real world. All these game are created for leisure use only. They never give a knowledge about what is computer security, what are the threats or how can we protect from them. The GUIs of these games are also not so attractive or user friendly to users. It all are consists with CMD panels. The games are listed below

Exosyphen Studios present series of computer security games as listed below

' Hacker Evolution

Figure 10 - Hacker Evolution

' Hacker Evolution Untold

Figure 11 - Hacker Evolution Untold

' Hacker Evolution Duality

Figure 12 - Hacker Evolution Duality

The most famous and most competitive game in the market is Uplink and the interface is also same as the cmd panels. But in this game they have use good marketing strategies to sell their products using real people. The scenarios and the methods are same in hacker evolution series. They have release their game on the mobile platforms also, because of these facts it has been more famous than the other ethical hacking games in the market.

Figure 13 - Hacker Uplink Elite

After review all these products the advantages of my product, so clear to any human being and I'm sure that 'The Vulnerability' game will gain a good popularity. The main advantages and differences are listed below

' 'The Vulnerability' will give a knowledge about the attack methods, how they were performed
' How to prevent from specific attacks
' Anyone can play the game from anywhere in the world
' User Interfaces are so familiarised and simple to understand to the users
' 'The Vulnerability' use real scenarios on environment that so similar to the real world
' Every code and techniques are used in the game are real
' Player should do a researches, study some areas to complete the levels.

The software or web application designing is a process that makes a basic structural framework of a developing application. It also identifies the subsystems and their internal designs. Database designing is a very important when we concerning the effectiveness and the easy data access. It also include in the design process. There are several designing techniques that can be use when we designing a software or web application. Each of every technique uses for different types of purposes when we develop a software or a web application. There for the decision of choosing the designing technique, we have to make the correct choice for our game development project. The object oriented approach is becoming the most widely used technique when designing a web or software application.

In object orientated designing every item is considered as an object and collection of objects creates a software or web application. There for, it is easy to develop a web or software application that fulfil their requirements. When analysing the all requirements and the nature of the project the object oriented approach is the most suitable approach for this game development project.

IN present day every kind of a development work use the object oriented approach and they also use modelling to resolve the complexity of any project. For example in civil engineering, the model of a building is created before starts the actual project. In software industry they also use models to reduce the complexity of the web or software development application. UML is the slandered modelling language that uses in the software industry. By using UML language they creates the blue print of the software or web development application and also uses to visualizes the software or web development project. In this project UML is used to model the system.

Microsoft VISIO is tool introduced to draw and to show detailed UML diagrams, ER diagrams (Entity Relationship) and other structural diagrams by Microsoft Corporation.

Use case diagram is the simplest representation method of how the user interacts with the web or software application. Basically its shows the relationship between system and the user. When we are describes these diagrams in graphically we used following terms for main objects,
' Use cases
' Actors
' Dependency USE CASE
Use case is a list of steps or naturally defines action between the users and the system or the application that need to be done for achieve a goal or a target. In UML user known as the Actor. In a use case diagram use case are identified as eclipse. USE CASE RELATIONSHIPS GENERALIZATION
It means the child use case gets the behaviour and significance of the parent use case. ACTOR
Actor represent a logical group of roles when interact with the use cases of a particular system. Basically, an actor represent a human, device or another system that contact with the particular system or an application. Actor is representing as a stick figure when the use case diagrams are drawn. 'THE VULNERABILITY' USE CASE DIAGRAMS

Figure 14 - Administrator Use Case Diagram

Figure 15 - Player Use Case Diagram CLASS DIAGRAM
Class diagrams are used to describe the types of objects in the software or web application and their connections or in other words the relationship. This class diagram model is the main building box of the objected oriented modelling. Class diagram is consist with three parts, they are as followed

' Class Name
' Attribute
' Operations

Figure 16 - Sample Class Diagram RELATIONSHIPS BETWEEN CLASSES

When two classes are connected to each other in anyhow, that relationship is known as the association. The UML (VISIO) represent the association relationship with a straight line As follows,

Multiplicity means the number of objects that participates in the association. Like One to Many, Many to Many, zero to Many and etc.

As we mentioned above it means the child use case gets the behaviour and significance of the parent use case. In UML (VISIO) it represent as follows,

Database design is a process of making complete data models of database. Attributes recognised by drawing the class diagrams are all used as the fields in the tables of the database. Data redundancy and the loss of data reliability still can be happen in a database, to prevent from these actions, database has to normalize up to 3rd Normal Form.

Entering duplicated data can be creates the data redundancy. To keep the stability of the duplicated data the insert action should re-run with an update or delete function. The normalization process solve this issue, its mean large tables with fields are dived in to small group of tables and defines the relationship between these tables. To normalize the database there are few concepts were introduced by ancient people. 1st, 2nd and 3rd Normal Form. Normally to normalize a database it should reach up to 3rd Normal Form.

1st Normal Form
A relation is in 1st normal form if the values of each attribute consist an atomic value then it's a 1st normal form. This attribute contain only single value from one domain.

2nd Normal Form
A relative is in 2nd normal form if no non-key attribute functionally depends on just a part of the key. Thus 2nd normal form can only be violated only when a key is a merged key.

3rd Normal Form
In 3rd normal form a non-key attributes never functionally depend on another non-key attribute.

' To determine the and manage the information required
' To normalize the database
' To identify the relationships
' To store and retrieve data for future consumption
' To make the application more flexible and accessible when unexpected requirements occur

Figure 17 - ER Diagram

Figure 18 - ER Diagram with Attributes

Figure 19 - Visitor Table

Figure 20 - Register Player Table

User interface designing is the major task when developing a web or software application. Basically it's interfere with human being and makes the connection between the application and the user. Making user interface very simple to understand to the human being is the main key feature to get popularity for the application. Think if the user interface is unable to understand to the user, the user will never make good impression the application. So considering the above facts this game development project was developed with simple user-friendly interface that confirming good quality GUI that interacts with game. The game developed to maintain the real scenarios so the main interface is always similar to a laptop screen and desktop monitor screen. To maintain the good impression following these major facts were considered when designing the user interface.

' Makes easy understandable screens with more meaningful headings and icons
' Meaningful error messages and the reason for occurring error message
' Use pleasant backgrounds and text formats in the application.
' Make sure the interfaces are same as in real world.
' Use real sounds and quality videos images when designing the interfaces.

Implementation part is the most important part in any software development model. While this approach is in progress we need apply the requirement analysis part and the designing part. This chapter covers all the major codes and modules structures used in the implementation process of development with explanation. The implemented environment and reusable code are discussed in here.

'The Vulnerability' game development project is flows according to a storey. So when deciding the environment that I should developed this game, first of all it was decided to develop as a windows base PC application by using an already existing gaming framework. After consider the requirement analysis phase, lots of people said to develop the game that anyone can play without looking at the hardware and software specification. I thought this whole game is to provide knowledge and creates a knowledgeable human being in to society. So I choose the Web platform to develop this game.

I did some research and found out some games done using php framework. So I also decided to develop this game according to php framework. So for the implementation process I had choose following languages and technologies

' PHP (Hypertext Processor)
' HTML (Hyper Text Mark-up Language)
' CSS (Cascade Style Sheet)
' JavaScript

So after deciding the developing environment I have adapted a my own file structure for the game framework it is as follows

Figure 21 - Framework File Structure

In this php framework folder structure the above picture show you the root folder file structure. If I explain about the structure the application Folder consists the all the level main php file I other words the game application interfaces. The index.php file in the root folder is the main interface that introduce the game background story to the player. The each interfaces will be briefly explain in later. As I mention the application folder holds the interface files. The application folder has been structured as the levels of the game as follows

Figure 22 - Application Folder Structure

In above folders it contain the each related main php file that related to the each levels.

In config folder, it holds the all the database and server configuration files that are related to establish a communication between the database and the web application. It a very important folder, that needs to concern more about the folder security. By downloading, editing or viewing these files can be make big damage to the web server or the web application.

db folder is created to holds the database backups of the game. In case of any intruder attack to the database or the corruptions the backup database can help to retrieve the previous condition of the game very easily if a database related incident happens.

library is a very important folder, as in the folder structure shown in figure 17.
The library folder includes the all class files, library files, control files that related to each levels. These are the pack of modules that helps to perform reaction to user actions in the application folder files. All the main level interfaces are connected to this folder. Every action done by the user in the levels will be performed by files that in this folder. In library folder there is another folder structure inside it, it's maintain like in the application folder. (Figure 18) each level have their own folder to place the module files.

In the public folder it contains all the CSS, Images, Audio Files, Java Scripts and other public files. Inside this folder we maintain the normal folder structure that we use when creating a website. It is as follows

Figure 23 - Public Folder Structure

Inside of the above each folder it again structured into folders according to the game levels.
tmp folder contains all the related temporary files to the game sometime it may can be a document, picture or any other temporary script.

So the whole game is files are structured according to the above folder structure, this type of folder structuring method also called as MVC (Model View Controller). By following these type of methods it helps to do the implementation easily in less time duration and any one can understand the full game flow in few minutes by studding the folder architecture.

Before the implementation process it's very important analysis the software requirement for the developing application. When considering the requirement analysis phase and the above mentioned facts this game is can played in any environment with minimum hardware requirement of an application. Because this is a web application this can be played in any computer that's have a browser and an internet connection. This could be the minimum software requirement that a game can offer.

In this game all the actions are works in the real world. So Implementation should be done to same as the real world action. When we talking about the real actions most of the attacks are deployed through a command prompt. So the user need to have a command prompt to type in the code to do the actions. Implementing a command prompt is not an easy challenge in such short period of timeline. So to do this I have to use the latest technologies. So I have used HTML 5 canvas to implement this game development project. Most of the browsers are now support for HTML 5 canvas. The minimum Software requirement as follows

' Windows XP Operating System
' Internet Explorer 10+, Firefox 16+, Opera 12.1+, Google Chrome 26+ or Safari 6.1+ web browser

These are the minimum software requirement that a player should have to play the game 'The Vulnerability'

The hardware requirement also very important as same as the software requirements. As I mentioned above in the requirement analysis phase, there were suggestions to develop the game that anyone can play without looking at the specification. But in real world at least there is a minimum software and hardware requirement for every game. Because the game is developed as a web application the hardware specification also so low when comparing to the other games developed in the industry. The players' hardware specification is not much effective to this game development, because the game is on another server and the player only access the game using a web browser. So it enough to have a hardware specification to run the supported web browser like I mentioned above. So considering all these factors this is the minimum hardware requirement for the game 'The Vulnerability'.

' Intel?? Pentium' 1.6 GHz
' 512 MB Ram
' 20 GB Hard Disk
' Internet Connection

After studying the requirement analysis phase and the designing phase. I drew up flow chart for the main introduction part. First of all I thought to create a video about the story background and then goes to the first level of the game. Then I realise that video will consumption the internet bandwidth of the user very much. So I decided to use the latest Java Script. By doing a research I found out the animateElement property that available in JavaScript.

I used this property to make a video about the background story of the game. So the game main interface flows as follows in the diagram

Figure 24- Main interface Flow Chart

As you can see above flow chart when user enters to the web application the user will get a graphical animation series that shows the background story of the game. These picture are moving like an animations and slowly move downwards as an animated comic video. At the bottom of the animation user can display a two buttons that one button will reach the player to the level 1 and other button to another web page that user can make inquiries, feedbacks and subscribes.

In this phase of implementation it's mainly focused on human interaction with sound and high end media actions. As software developer says every code is a path to the overall success of the final product. So in here I used JQuery image loader to prevent any loading errors. All the images are used in the game are high quality images. It helps to maintain the quality of the product. So if the internet connection is very slow the user cannot gets the exact output from the main interface when player enters to the web application. If images are not loaded then the background story animation will be messed up production to the real world. This impression will gives a bad thoughts about the game interface to the user or visitor.

$(document).ready(function () {
barColor: "#FFF",
backgroundColor: "#000",
percentage: true,
barHeight: 1,
completeAnimation: "grow",
minimumTime: 100

In JQuery Image Pre Loader, from the above code we can simply change the colour, style or can do any other modification to the pre loading screen. I have used black colour background and white colour font styles to give a dangerous look to the page. In main interface I simply used nine boxes to animate the background story.

After building up the main interface I had look forward to the game level interfaces. These interfaces and these implementations are the challenging phase to go on. By considering requirement analysis and designing phases facts I have decide to maintain a simply interface that everyone will get familiar with. Drew up flow chart to make my work easier. The flow chart as follows

Figure 25 - Level 01 Flow Chart

As you can see in the above flow chart after the visitor visit to the web site player meet up with the intro page then player click on the play button then the user will redirect to the agreement & level instruction page.

The codes and commands used in this games also works in the real world. These games are build up on using real serious so, for users we gives the notes and warnings for this commands and actions are strictly education purpose only and this page also include the all trademark register terms and the level 01 instructions.

As I decided earlier the game is mainly targeted for the professional who works in this specific field so there are no game hints for the players. But while considering the requirement analysis phases I have just added some tips what kind of fields does you have to follow up to complete this level. So all the instruction player need are in this page.

Figure 26 - Copyright Notice

So the scenario based on the first level is to retrieve a text file that saves in a folder called NUL in c:/> drive of a windows XP environment. The NUL folder cannot be access using the Graphical User Interfaces. The only solution is to retrieve the text file is from the command shell. There is only one way to solve this problem. So the player should accept this challenge to move on to the second level. As I told earlier I have put hints in the description to solve this problem. They are the user have to refer the windows folder architecture and windows action control permissions.

So according to the level one scenario I have built up the interface similar to the windows XP environment. Implementing a windows GUI is a hard and time wasting work if you are using div, tables and other tags. If the GUI built up like that need to use a canvas and have to list up the click events on the specific icon to perform action these all are techniques that can use to implement the game.

But I used different method without using a canvas or div or table. I have used the Google mapping technique to complete the game levels GUIs. So I used a fixed frame size for my desktop screen and then used a background that shows a desktop monitor works on table. To monitor screen I have replaced my desktop screen that all the action are going to happen.

So after implement my main structure I have used a screen shot of a real Windows XP desktop and placed it in the fixed frame that I have mentioned earlier. Then I used <map> tag and <area> tag to place the rectangle area in top of the screen shots icons like one rectangle on my computer icon in the screen shot. These rectangles are placed using longitudes and latitudes values of the screen. Because I used a fixed frame as the monitor screen the coordination will not change on any screen resolution. It's an easy method to implement the GUI for the game. So I created up the all the related interfaces as different php files.

Figure 27 - Desktop Screen

<div id="container" style="width:800px; position:relative; margin-left:auto; margin-right:auto; margin-top:30px;">

<img src="../../public/img/level-01/desktop.jpg" width="800" height="600" alt="Desktop" usemap="#desktopMap">

<map name="desktopMap">
<area id="myComputer" shape="rect" coords="20,20,100,100" alt="My Computer" href="level-01_myComputer"> <!-- width,height,right,top-->
<area id="cmd" shape="rect" coords="20,120,100,200" alt="Command Prompt" href="level-01cmd.php">

By using only this simple short codes I have implemented all the interface that's are related to the level 01.

The next challenge is to build up a command shell in a web platform. So I have done lots of researches and finally found out that the command shell can create by using HTML 5 canvas property. So I dig up more about canvas and finally found a Google project called HTML5 Terminal that done by the Eric Bidelman who works in Google as a Software Engineer and Developer Relations. I have used this open source code and customized the interface as the real world terminal. The project HTML5 Terminal was a canvas project that the user actions were handled by using java scripts. So I wrote up my own functions that can be used in level 01. By referring this project I have implemented the first level and my command shell as follows.

Figure 28 - Command Shell

This command shell has been modified with the real error messages and real commands that use in the windows XP environment. By typing help user can view the available commands in level 01 to complete the game. I have used Switch Case method to handle the user action in the canvas. Major common codes are as follows,
case 'exit':
var User_reply=confirm("Do you really want to exit from the game?");
if (User_reply==true){
var win = window.open("","_self");

function clear_(input) {
output_.innerHTML = '';
input.value = '';
document.documentElement.style.height = '100%';
interlace_.style.height = '100%';

if (cmd) {
output('&lsquo;'+ cmd + '&rsquo; is not recodnized as an internal or external command, operable program or batch file.');

case 'help':
output('<div class="ls-files">' + CMDS_.join('<br>') + '</div>');

case 'date':
output((new Date()).toLocaleString());

case 'dir':
output('<div> ' +
'<br> Volume in drive C has no label. <br> ' +
' Volume Serial Number is 8C98-1089 <br><br>' +
'Directory of C:\ <br><br>' +
'03/08/2014 &nbsp; &nbsp; 11:03 AM &nbsp; &nbsp; &lt;DIR&gt; &nbsp;&nbsp; &nbsp; &nbsp;AUX<br>' +
'02/22/2014 &nbsp; &nbsp; 10:59 AM &nbsp; &nbsp; &lt;DIR&gt; &nbsp; &nbsp; &nbsp; Documents & Settings<br>' +
'03/12/2014 &nbsp; &nbsp; 06:45 PM &nbsp; &nbsp; &lt;DIR&gt; &nbsp; &nbsp; &nbsp; Program Files<br>' +
'02/22/2014 &nbsp; &nbsp; 12:06 PM &nbsp; &nbsp; &lt;DIR&gt; &nbsp; &nbsp; &nbsp; Windows<br><br>' +
'0 File(s) 0 bytes <br>' +
'4 Dir(s) 46,404,993,024 bytes free<br><br>' +

These are some major common switch case triggers I used in the game and after user complete this level then a message will pop up and congrats to the player and user will navigate to the second level of the game. Considering another point from the discussion over the forums, the user game level status has to be saved for resume playing. Otherwise it will be boring to play over and over the same level to get the final level. So after user finished up the first level user is promoted to enter their name and the save the game at that point.

After user enter the name and click continue, a cookie will save in to the users machine to identify, which level that user has been completed up to this point. I used the cookie because if I used the users IP to continue the game then it will be create a misdirection for the users because the IP address are normaly generate through IP pool. So same user can't get the exact IP address when user log in to the internet in next time.

As I mentioned in designing phase for the admin use I have monitored and saved the all the visitors data in to table. Details like follows

Figure 29 - Visitor Details

In the cookie I saved following details.

Figure 30 - Register Player Details

' Cookie name
' Value

By setting these values in to the cookie then any time user can exit from the game and come back later to play it again. First of all I thought not save any detail of the player and each time player have to play the game from beginning. So I just tested the first level with a network administrator one of friend. He took more than I hour to finish the level and his feedback is very good so, that's why I change my mind to save the player level status and let them continue the game later.

So according to above description I placed the php code to validate whether there is a cookie if there is one then user will automatically redirect to the recorded level in the cookie. The php code I placed to validate is displayed below.

$regPlayerLevel = $_COOKIE["TheVulnerability "]
case 2: session_start();
$_SESSION['regPlayer'] = $regPlayerLevel;

case 3: session_start();
$_SESSION['regPlayer'] = $regPlayerLevel;

case 4: session_start();
$_SESSION['regPlayer'] = $regPlayerLevel;

case 5: session_start();
$_SESSION['regPlayer'] = $regPlayerLevel;

So according to above code if the cookie is set user will redirect to related level and each level index.php include a php code to validate whether the session value match to the level value if not the level index.php will redirect to the level one index.php file.

$level = $_SESSION[' regPlayer '];
if($level != '2')

So as the above details my whole game is structured and implemented according to the above techniques. My game 'The Vulnerability' includes 20 levels but according to the time line and the guidance of my project supervisors I have managed to build up a prototype of the game with including 5 levels of the game. As I mention above the first level is to retrieve a text file from a windows machine environment.

In second level you will get the chance to hack in to a Microsoft Sever and deploy a backdoor in to the server. In this level you will be working in a Linux based environment.

In third level you will get the chance to break in to a password protected WIFI connection. This level also have to complete in Linux base environment.

In fourth level you will face an exam about cyber law, internet security. This level will give you the exact knowledge about the legal phase of the cybercrimes.

In my last level you will get the knowledge how the advanced phishing attacks are done. You will get a chance to hack down a windows server then you need do some work and need to breach the network, finally you need to retrieve the Facebook password and the Gmail password of the Mr. Peterson (made up character in the game). To finish up the last level you need the all the knowledge from the past levels.

By completing each level the player will give information how to stop such a problem. After playing these games you know how the attacks were done and now you can take precautions to prevent it by thinking like a thief not like a normal person.

In any software development life cycle the designing, implementation approaches are the most important phases. But these two phases get the real value of it when the testing approach is combined with these two phases. Without the testing phase the above two phases can be an invaluable. So software testing phase also more important like other two phases.

Software testing means an investigation carried out by Quality Assurance people or in other words the software testers to validate the quality of the implemented product. Software testing is not a field that anyone can put limits on. The implemented software/application or the product can test out in many ways. When carry out these testing there has been testing techniques to make the work easier. These techniques are used to make sure that implemented product meets the requirements, work as projected, runs without any problems or bugs and etc. The software testing is depends on the way of the methodology has been chosen. Normally the testing will be started when the implementation phase is completed. As I say the testing method depends on the methodology you choose. Think if you choose the waterfall methodology then you have to start the testing phase when the implementation part is over. But if you choose the incremental methodology then you will start your testing for each subgroup.

There are lots ways to test a software application. There are few methods that we use in the industry as testing methods. But nowadays the software testers always use the box approach. The approach include following methods

' White Box Testing
' Black Box Testing
' Grey Box Testing

White box testing also known as the clear box testing. White box testing means the testing technique to test internal structures of the implemented software. That means the white box tester should have knowledge about the programming. In here the tester will test the application by reviewing the source codes and check weather functions are properly corded and working correctly.

Black Box testing is a testing technique that's treat the application as a big black colour box. To perform this kind of test the tester do not needs to have any programming skill. This testing technique is not required the internal process of the application. In this method tester only test the GUI with functionality that are pre-defined.

The grey box testing is a combination of the white box and the black box methods. This method is powerful than other methods. Because this test method test the application internal and external structure. To perform a grey hat test to application the tester should have the programming skills and the tester should have the skill to test the application as the user point of view.

As I mention testing methods above there are testing levels also. There are generally four recognized testing levels we used in the software industry. There are as follows

' Unit Testing
' Integration Testing
' System Testing
' Acceptance Testing

Unit testing is a test level that test the small piece of a testable software in the application. It can be a function that have been coded to for reusability in your application. By unit testing it test the function or small pieces as a one software. Unit test also known as component testing due to this reason.

Integration testing is a testing level that test the graphical user interfaces and the modules of the application. It test whether the application modules or coded functions are properly integrated with the GUI. By using this testing level we can found out the GUI errors in the application.

System testing level is a level that test the all parts in the system. It means this test level test all the modules and interfaces that's combined with the full system and this test level also check whether the application cause any uncommon process with the working environment. Like corrupting memory that shared and etc.

Acceptance testing is a well-known test level to software users. This test level also known as the Beta test. In this level the tester will be the end user. The end user will test the system, whether its meets their requirements. If any error are discovered, the error will be corrected.

The test plan of this game 'The Vulnerability' will describe the methods and the levels used to test this game development project. The Quality assurance of the game will be test using in a real environment. As I told earlier the testing methods and levels will be depend on the used software developing methodology. This game development project used a hybrid methodology. So the according to that unit testing has be carried out to make sure the functions and procedures are behaves as planned. It is a white box testing so the test has been done when the particular module coding is done. An integration level has been done to check whether the GUI and the code units are behaves as planned. This was done under a grey box testing. After all the integration and unit tests are done. The whole game was tested as a system level test to make sure the all the modules and the GUIs are do their work properly. This system test has been carried out in different environments. As I mention above the final product will get its real value when the all test are done. So after completing the final prototype it has been thrown away for few users as an acceptance testing or in other words as a beta test. The beta test level has been carried out in the black box test method.

As we all know the test cases are the most important contents in a test plan. So I have been carried some test cases to test the entire game. Because this is a game, some of the models are so common to every level. So I have bring the major test cases that I have tested on the game 'The vulnerability'. They are as follows

Test Case ID : Test case 01
Module Name: 'The Vulnerability'
Test Title: Intro page navigation as a new visitor
Description: Navigate to the level 01 intro page
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 09:05 GMT
Test Steps Expected Result Actual Result Status
Click on the play button at the end of the game intro as a new visitor Should navigate to level 01 intro page User redirect to the level 01 intro page without any errors '

Test Case ID : Test case 02
Module Name: 'The Vulnerability'
Test Title: Intro page navigation as a registered player
Description: Navigate to the level 02 intro page
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 09:15 GMT
Test Steps Expected Result Actual Result Status
Click on the play button at the end of the game intro as a resume player Should navigate to level 02 intro page (as saved in the cookie) User redirect to the level 02 intro page without any errors '

Test Case ID : Test case 03
Module Name: 'The Vulnerability'
Test Title: Visitor Data Storing
Description: Visitor data stored in the visitor table in the database
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 09:30 GMT
Test Steps Expected Result Actual Result Status
Visit the game main intro page Automatically saves the victors detail like IP, Browser, Timestamp All the detail stored in the visitor table in the database as implemented '

Test Case ID : Test case 04
Module Name: 'The Vulnerability'
Test Title: Direct access to upper level
Description: Visit the level two using the URL as a visitor
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 10:10 GMT

Test Steps Expected Result Actual Result Status
Type the-vulnerability/application/level-02 in URL bar as a visitor User need to redirect to the level 01 game intro User redirect to the level 1 successfully '

Test Case ID : Test case 05
Module Name: 'The Vulnerability'
Test Title: Direct access to upper level
Description: Visit the level 2 using the URL as a registered player
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 10:30 GMT
Test Steps Expected Result Actual Result Status
Type the-vulnerability/application/level-02 in URL bar as a visitor User displays the level 02 intro page Level 02 intro page loads successfully '

Test Case ID : Test case 06
Module Name: 'The Vulnerability'
Test Title: Click Icon
Description: Click on the my computer icon
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 12:30 GMT

Test Steps Expected Result Actual Result Status
Click on the my computer icon Loads the My Computer Explore Displays the my computer in explore '

Test Case ID : Test case 07
Module Name: 'The Vulnerability'
Test Title: Click Icon
Description: Click on CMD icon
Test Executed by: Chathura Asanka
Test Execution date: March 20 2014 13:10 GMT

Test Steps Expected Result Actual Result Status
Click on the CMD icon Open a new tab and loads the command prompt The click event doesn't triggered '

Test Case ID : Test case 08
Module Name: 'The Vulnerability'
Test Title: CMD Command Check
Description: Run the dir command in the CMD
Test Executed by: Chathura Asanka
Test Execution date: March 21 2014 08:00 GMT

Test Steps Expected Result Actual Result Status
Type dir in the command prompt and hit enter List up all the folders and their details one by one The folders and details list up as planned '

Test Case ID : Test case 09
Module Name: 'The Vulnerability'
Test Title: CMD Command Case Sensitive
Description: Run the DIR command in the CMD in capitals
Test Executed by: Chathura Asanka
Test Execution date: March 21 2014 08:10 GMT

Test Steps Expected Result Actual Result Status
Type DIR in the command prompt and hit enter List up all the folders and their details one by one The folders and details list up as planned '

So these are the major test case when look at the overall game development project. Test case 07 has been correct after the test result. The solution was the correction of the longitude and the latitude digits of the rectangle in the picture.

The ultimate purpose of developing this game, is to help the people who are suffering from cyber-attacks and computer security breaches. Rather designing part the development part is more critical and more challengeable to me, to build up such a game in short of time period and without the proper resources. That why I chooses web platform to complete the project because the there is no enough resources or labs to make this game as a PC version. This game development is like a dream coming true to me. Because of this I have managed to learn Maya 3D animations also. But changing the platform was so challengeable to me.

Last few months I have studied about canvas and more other web base techniques. The Object oriented programing always that talks about the code reusability, so some times I used OOP in my game for some modules. But still I also used the procedural programming style as well.

My design was so simple and more real to the real world scenarios. The GUI is more familiar to any person who plays the game and I feels better that anyone can play the game without thinking the hardware or software specification. The feedbacks I got from my friends was makes me more courage to build up the rest of the game so quickly. For a result of that I have already apply for the registrations of trademarks and copyrights. Even I have now a company that's wait to sponsor my project after looking at this. I am satisfy with what I have done in this short period of time and the platform I have choose to develop the game 'The Vulnerability'.

This product 'The Vulnerability' has the ability to implicate with future human needs and wants in the IT security field. The recommendations are describes below.

' The game should enhance with more graphics, like including more 3D animations.
' The game should have capability to play in multiplayer mode, then one player can play as an intruder and other player can play as the attack preventer. This game mode will give a very interesting & different look to the game 'The Vulnerability'
' The game should be updated as more levels with using the latest technology. It will help users to get latest information about the security field.
' Need to implement a super machine character in the game that's behave according to the user actions. Then this character can talk, give hints to user. It will help the user to play the game without being boring.
' The game interface should improve to play in any device like tablets, smartphones. '
' Voice recondition is more effective as a future improvement the game 'the Vulnerability'
' Should have the capable to create a profile for user and should have the capability to assign a special missions to random selected users in multiplayer mode.
' Need to user more high quality images, sounds and videos to make the game looks like real.

Through the path of this project lots of useful and interesting things were achieved by me. Mainly the initial project goals were achieved and if I mention the major achievements it can be the listed as like this. Developing a web based gaming project, how to protect the hosting, and applying advance and professional software developing methodologies and techniques, how to complete the project reports using project management concepts. I have achieved above goals and met my challenge by implementing the prototype game successfully.
The project was carried out as a partial fulfilment of the requirement of the Degree of SCHOOL OF COMPUTING, UNIVERSITY OF TEESIDE MIDDLESBROUGH.

' Cyber Crime Statistics and Trends [Infographic]. 2014. Cyber Crime Statistics and Trends [Infographic]. [ONLINE] Available at: http://www.go-gulf.com/blog/cyber-crime/. [Accessed 18 March 2014].
' Software Development Methodologies - CodeProject. 2014. Software Development Methodologies - CodeProject. [ONLINE] Available at:http://www.codeproject.com/Articles/124732/Software-Development-Methodologies. [Accessed 19 March 2014]
' 2014. . [ONLINE] Available at: http://blog.hydro4ge.com/wp-content/uploads/2007/12/h4_waterfall.jpg. [Accessed 19 March 2014].
' 2014. . [ONLINE] Available at: http://www.teach-ict.com/as_a2_ict_new/ocr/A2_G063/331_systems_cycle/prototyping_RAD/miniweb/images/evolutionary.jpg. [Accessed 19 March 2014].
' Iterative and incremental development - Wikipedia, the free encyclopedia. 2014. Iterative and incremental development - Wikipedia, the free encyclopedia. [ONLINE] Available at:http://en.wikipedia.org/wiki/Iterative_and_incremental_development. [Accessed 20 March 2014].
' 2014. . [ONLINE] Available at: http://www.arctern.com/uploadedimages/iterative-model.jpg. [Accessed 20 March 2014].
' Software design - Wikipedia, the free encyclopaedias. 2014. Software design - Wikipedia, the free encyclopaedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Software_design. [Accessed 25 March 2014]
' Object-oriented design - Wikipedia, the free encyclopedia. 2014. Object-oriented design - Wikipedia, the free encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Object-oriented_design. [Accessed 25 March 2014]

' Database design - Wikipedia, the free encyclopedia. 2014. Database design - Wikipedia, the free encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Database_design. [Accessed 27 March 2014]
' Write your own PHP MVC Framework (Part 1) | anant garg. 2014. Write your own PHP MVC Framework (Part 1) | anant garg. [ONLINE] Available at: http://anantgarg.com/2009/03/13/write-your-own-php-mvc-framework-part-1/. [Accessed 28 March 2014].
' HTML5 Showcase for Web Developers: The Wow and the How. 2014. HTML5 Showcase for Web Developers: The Wow and the How. [ONLINE] Available at: http://www.htmlfivewow.com/. [Accessed 01 April 2014].
' Software testing - Wikipedia, the free encyclopedia. 2014. Software testing - Wikipedia, the free encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Software_testing. [Accessed 02 April 2014
' Software Testing Methods (Black Box, White Box, Grey Box ). 2014. Software Testing Methods (Black Box, White Box, Grey Box ). [ONLINE] Available at: http://www.tutorialspoint.com/software_testing/testing_methods.htm. [Accessed 02 April 2014].


Figure 31 - Content Chart


Figure 32 - Home Page (Game Intro)

Figure 33 - Copyright Agreement

Figure 34 - Windows Desktop

Figure 35 - My Computer

Figure 36 - Local Disk (C:)

Figure 37 - Windows CMD

Figure 38 - Linux Desktop

Figure 39- Linux Terminal

Figure 40 - Feedback & Subscribe


Figure 41 - Entity Relationship Diagram


-- Database: `the_vulnerability`
-- Table structure for table `reg_player`

`regPlayer_No` int(11) NOT NULL AUTO_INCREMENT,
`regPlayer_VisitorNo` int(11) NOT NULL,
`regPlayer_Name` varchar(20) NOT NULL,
`regPlayer_Level` int(1) NOT NULL,
`regPlayer_Hash` varchar(64) NOT NULL,
PRIMARY KEY (`regPlayer_No`)

-- --------------------------------------------------------

-- Table structure for table `visitor`

`visitor_No` int(11) NOT NULL AUTO_INCREMENT,
`visitor_IP` varchar(20) NOT NULL,
`visitor_OS` varchar(20) NOT NULL,
`visitor_Browser` varchar(20) NOT NULL,
PRIMARY KEY (`visitor_No`)

-- Constraints for dumped tables

-- Constraints for table `visitor`
ALTER TABLE `visitor`
ADD CONSTRAINT `visitor_ibfk_1` FOREIGN KEY (`visitor_No`) REFERENCES `reg_player` (`regPlayer_No`);

Source: Essay UK - http://www.essay.uk.com/free-essays/information-technology/vulnerability-game-development-project.php

About this resource

This Information Technology essay was submitted to us by a student in order to help you with your studies.

Search our content:

  • Download this page
  • Print this page
  • Search again

  • Word count:

    This page has approximately words.



    If you use part of this page in your own work, you need to provide a citation, as follows:

    Essay UK, 'The Vulnerability'Game Development Project. Available from: <https://www.essay.uk.com/free-essays/information-technology/vulnerability-game-development-project.php> [27-05-20].

    More information:

    If you are the original author of this content and no longer wish to have it published on our website then please click on the link below to request removal: