Difference between revisions of "OWASP PureCaptcha"

There are basically three operations needed to properly utilize CAPTCHAs:

• Generating A Captcha

This can be done by the show method of PureCaptcha. It will terminate the current request and return an image to the client.

• Persisting The Captcha Value

The show method also returns a string equal to the Captcha contents. You need to persist it on the session for the user (preferably for a limited amount of time). The example code shows how this can be done simply in your programming language, but any other persistence layer would be fine. Keep in mind that for every Captcha used inside your application (e.g one for login page, one for password reset page, one for remove user page) you should persist the Captcha separately, so that a user can simultaneously use all your applications functionalities without one Captcha overriding the expected value for the other.

• Validating The Captcha

It is very important to remove the Captcha from persistence after its validated, whether its wrong or right. If you leave a Captcha persisting after validation, attackers can bypass your Captcha by inspecting it once and then using the same Captcha over and over to send requests to your application. See the example usages for more details.

How Can I Use PureCaptcha?

Just include the source code file in your project, and visit the sample usage files to learn how to properly use a captcha.

How can I participate in your project?

All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

Volunteers

The first contributors to the project were:

• Abbas Naderi

Roadmap

Currently PHP library is available and tested. Porting to all major programming languages is the next step. Since the library is pretty small, this shouldn't be a hard task and can be done in one summer by 1 candidate.

Getting Involved

Involvement in the development and promotion is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

Coding

Any programming language you like, you can either port PureCaptcha to or improve the existing code!

Localization

Are you fluent in another language? Can you help translate the text strings and documents into that language?

Testing

Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback

mailing list: TBA

• What do like?
• What don't you like?
• What features would you like to see prioritized on the roadmap?