Continuing to ensure data security and privacy in proctored exams

Discover why ProctorExam decided to test its data security by undergoing a thorough penetration test.
With the user’s privacy and data security under scrutiny, taking actions to ensure that sensitive data are handled appropriately is essential.

On May 8, ProctorExam underwent a 5-day penetration test to vet our platform for all relevant security flaws. With the aim of providing our users with a safe online environment in which to take a remote assessment, we are pleased to share our results, which support our objective to provide a robust, secure online proctoring environment.

Certification through a rigorous testing paradigm 

Testing standards and targets that provide assurance of a truly compliant platform and service

With so many issues surrounding the controversial conduct of proctored exams using online platforms, ProctorExam decided to vet their platform for any potential data leakage at any stage of the exam.

On May 8, 2020, the online platform underwent a rigorous WhiteBox WebApp Penetration Test for five straight days. The aim of this test was to ensure the security of end-user data.

A 5-day long extensive Penetration test

The scope of this test was to examine their online platform which comprises a Rails Application and a signaling application built on NodeJS. The test lasted for 5 days from May 8 to May 13, 2020.

The Penetration Testing Execution Standard (PTES) was used in conjunction with the Open Web Application Security Project (OWASP) as baseline methodologies for undertaking the tests. 

The attack vectors that were considered during the test were:

  • Information leakage
  • Sensitive data exposure
  • Unauthorized access
  • Broken authentication
  • Broken access control
  • Injection

The test was conducted for the prevalent use case: end-users taking exams from their homes on public or personal computers, and platform users, who can be academics and proctors.

The successful test observations were as follows:
  • There is no authorized remote access to the servers that are hosting the platforms.
  • Redirection and error control are set up appropriately.
  • Remote code execution was not achieved.
  • Injection attacks were unsuccessful.

ProctorExam prioritizes data security and proctoring standards in its services for tomorrow

The aim of undergoing this rigorous penetration test was to make sure that the rights of the platform’s users are protected and that data security, the utmost concern, is addressed under legal and technical supervision. The test results demonstrate the level of security checkpoints that block all the major sorts of malicious activity.

ProctorExam has been making efforts to provide integrated and protected environments for students and learners, not only to enable them to take tests from home in comfort but also to help them re-establish trust in the system.

Still not sure whether the platform complies with the regulations? Read the article below on how ProctorExam is following GDPR rules. It is a comprehensive article that covers all the aspects of GDPR that need to be addressed to put the users first.
Read how ProctorExam is also GDPR compliant