RockShot, from Soleil Ltd, is a free-to-play dynamic shooter bringing a massive arsenal to an array of PvP and PvE game modes. We were contracted to conduct Grey Box penetration testing on the non-gameplay functionalities.
These included:
- API
- Player lobbies
- Authentication
- Shop and transactions
- Inventory management and equipment system
- Cosmetic items
- Player profile
- Territory and clan systems
- Building system
We discovered and reported a range of vulnerabilities, many of which were deemed of high importance to the development team. As is our standard procedure, we delivered a comprehensive report of our findings alongside guidelines on how to secure them.