QST is focused on online assessment and testing workflows. Hardening should prioritize exam integrity, secure identity verification, and strict result access controls.
- Restrict exam administration rights to approved staff.
- Enforce secure authentication before test access.
- Limit test preview/export features to privileged roles.
- Log all test configuration and scoring changes.
¶ 2) Secure candidate and result data
- Encrypt data at rest for submissions and scoring records.
- Limit report download permissions and retention windows.
- Protect file upload and attachment channels.
- Back up question banks and score data with restore tests.
- Serve only via HTTPS and secure headers.
- Add rate limiting and brute-force protection for login endpoints.
- Keep backend database private.
- Patch dependencies and runtime regularly.
- QST project website: https://qstonline.org/
- QST source repository: https://github.com/bobb34/QST
Any questions?
Feel free to contact us. Find all contact information on our contact page.