A Security Test Framework Design for QR Code Authentication
Wu, Shiqi (2017-08-15)
There are no files associated with this item.
QR code authentication system is a type of web application authentication system which uses the QR code scanning as the login credentials. Nowadays, there are more and more companies claiming the QR code authentication system is much more secure than the traditional username/password authentication system. How to test the security level of the QR code authentication becomes a serious problem. This thesis is aiming to design a new security test framework for the QR code authentication system because the current existing test frameworks are not suitable for the QR code authentication security test. The new designed security test framework combines the usable test items in the existing test frameworks and new test items based on QR code authentication characteristics. The thesis also uses the QQ Mail services as the sample test to show how the new designed test framework works. The test result shows that the QQ Mail has the medium-to-low security level. The test result also verifies the OWASP’s suggestion that do not use the QR code authentication system if you have to.