This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Testing for Captcha (OWASP-AT-012)"
(→WARNING: Captcha protection is considered to be an ineffective security mechanism!) |
(→WARNING: Captcha protection is considered to be an ineffective security mechanism!) |
||
Line 7: | Line 7: | ||
<br> | <br> | ||
'''It is not recommended to use Captcha protection for security-critical applications''', in this case it is more suitable to use SMS text messages or OTP tokens instead. | '''It is not recommended to use Captcha protection for security-critical applications''', in this case it is more suitable to use SMS text messages or OTP tokens instead. | ||
− | [[Media: | + | [[Media:Image2.jpeg]] |
== Brief Summary == | == Brief Summary == |
Revision as of 00:10, 18 November 2013
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project
WARNING: Captcha protection is considered to be an ineffective security mechanism!
Most current used Captcha images can be easily cracked in a fully automated way using many commercial or opensource services. Commercial services are usually very cheap and provide a simple API for most programming languages.
It is not recommended to use Captcha protection for security-critical applications, in this case it is more suitable to use SMS text messages or OTP tokens instead.
Media:Image2.jpeg
Brief Summary
CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used by many web applications to ensure that the response is not generated by a computer.
Description of the Issue
...here: Short Description of the Issue: Topic and Explanation
Black Box testing and example
Testing for Topic X vulnerabilities:
...
Result Expected:
...
References
Whitepapers
...
Tools
...