
Difference between revisions of "OWASP PureCaptcha"

(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
(updated repo links to OWASP github)
 
(16 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
<span style="color:#ff0000">
+
Welcome to OWASP Pure Captcha project page!
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.
 
</span>
 
 
 
 
==OWASP PureCaptcha ==
 
==OWASP PureCaptcha ==
Use CAPTCHAs in your application without any dependencies, no require libraries and nothing to install. Just include a single small source-code file to have fully functional CAPTCHAs in your project.
+
Use CAPTCHAs in your application without any dependencies, no required libraries and nothing to install. Just include a single small source-code file to have fully functional lightweight CAPTCHAs in your project.
  
 
==Description==
 
==Description==
Line 22: Line 19:
 
==Licensing==
 
==Licensing==
 
Creative Commons Attribution ShareAlike 3.0 License
 
Creative Commons Attribution ShareAlike 3.0 License
 +
 +
Apache 2 License
  
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
 
== Project Resources ==
 
== Project Resources ==
<span style="color:#ff0000">
 
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.
 
</span>
 
  
[https://github.com/SamanthaGroves Compiled DLLs]
+
[https://github.com/OWASP/PureCaptcha Download]
  
[https://github.com/SamanthaGroves Source Code]
+
[https://github.com/OWASP/PureCaptcha Source Code]
 
 
[https://github.com/SamanthaGroves Documentation]
 
 
 
[https://github.com/SamanthaGroves Wiki Home Page]
 
 
 
[https://github.com/SamanthaGroves Issue Tracker]
 
 
 
[https://github.com/SamanthaGroves Slide Presentation]
 
 
 
[https://github.com/SamanthaGroves Video]
 
  
 
== Project Leader ==
 
== Project Leader ==
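Review bot: The Licensing section now lists "Apache 2 License" next to the unchanged "Creative Commons Attribution ShareAlike 3.0 License" with nothing saying which one governs the source code and which the documentation; add a word on scope to each entry so integrators know the terms for the file they include. In Project Resources, "Download" and "Source Code" both link to https://github.com/OWASP/PureCaptcha; if there is no separate release artifact, one link is enough.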
Line 50: Line 36:
  
 
== Related Projects ==
 
== Related Projects ==
<span style="color:#ff0000">
+
[[OWASP PHP Security Project]]
This is where you can link to other OWASP Projects that are similar to yours.
 
</span>
 
 
 
  
 +
[[CSRFProtector Project]]
  
 
==Classifications==
 
==Classifications==
Line 71: Line 55:
  
 
== News and Events ==
 
== News and Events ==
<span style="color:#ff0000">
+
First version released!
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.
 
</span>
 
  
 +
|}
 +
= Documentation =
  
|}
+
There are basically three operations needed to properly utilize CAPTCHAs:
 +
 
 +
* Generating A Captcha
 +
This can be done by the '''show''' method of PureCaptcha. It will terminate the current request and return an image to the client.
 +
* Persisting The Captcha Value
 +
The '''show''' method also returns a string equal to the Captcha contents. You need to persist it on the session for the user (preferably for a limited amount of time). The example code shows how this can be done simply in your programming language, but any other persistence layer would be fine.
 +
Keep in mind that for every Captcha used inside your application (e.g one for login page, one for password reset page, one for remove user page) you should persist the Captcha separately, so that a user can simultaneously use all your applications functionalities without one Captcha overriding the expected value for the other.
 +
* Validating The Captcha
 +
'''It is very important to remove the Captcha from persistence after its validated, whether its wrong or right.''' If you leave a Captcha persisting after validation, attackers can bypass your Captcha by inspecting it once and then using the same Captcha over and over to send requests to your application. See the example usages for more details.
  
 
=FAQs=
 
=FAQs=
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
<span style="color:#ff0000">
+
==How Can I Use PureCaptcha?==
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
+
Just include the source code file in your project, and visit the sample usage files to learn how to properly use a captcha.
</span>
 
  
 
==How can I participate in your project?==
 
==How can I participate in your project?==
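Review bot: In the added Documentation text, the Generating step says the show method "will terminate the current request", while the Persisting step depends on the string that show returns; say how the caller gets to store that string if the request ends inside show, or reword the first step if the request is not actually terminated. In the Validating paragraph, "after its validated, whether its wrong or right" should read "it's" in both places, and "applications functionalities" in the Persisting paragraph should be "application's".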
Line 88: Line 79:
  
 
==If I am not a programmer can I participate in your project?==
 
==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.  
+
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 94: Line 85:
  
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
<span style="color:#ff0000">
 
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
 
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
 
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
 
</span>
 
 
 
  
 
The first contributors to the project were:
 
The first contributors to the project were:
Line 109: Line 93:
  
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
<span style="color:#ff0000">
 
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
 
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
 
</span>
 
 
==Roadmap==
 
==Roadmap==
 
Currently PHP library is available and tested. Porting to all major programming languages is the next step.
 
Currently PHP library is available and tested. Porting to all major programming languages is the next step.
Line 123: Line 103:
  
 
===Coding===
 
===Coding===
 +
Any programming language you like, you can either port PureCaptcha to or improve the existing code!
 
===Localization===
 
===Localization===
Are you fluent in another language? Can you help translate the text strings into that language?
+
Are you fluent in another language? Can you help translate the text strings and documents into that language?
 
===Testing===
 
===Testing===
 
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
 
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
 
===Feedback===
 
===Feedback===
mailing list
+
mailing list: TBA
 
<ul>
 
<ul>
 
<li>What do like?</li>
 
<li>What do like?</li>
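Review bot: The Feedback line changes to "mailing list: TBA", which leaves readers with no working channel for the questions listed under it; point to the issue tracker of the repository linked in Project Resources until a list exists. The unchanged Testing line still reads "We want to product a high quality product", and the list item "What do like?" is missing "you".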
Line 135: Line 116:
 
</ul>
 
</ul>
  
=Minimum Viable Product=
 
<span style="color:#ff0000">
 
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
 
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap.  And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. 
 
</span>
 
 
 
 
=Project About=
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
 
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
 
</span>
 
  
 
{{:Projects/OWASP_Example_Project_About_Page}}  
 
{{:Projects/OWASP_Example_Project_About_Page}}  
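Review bot: The transclusion {{:Projects/OWASP_Example_Project_About_Page}} at the end is left unchanged and still pulls in the example project's About page rather than one for PureCaptcha; replace it with the project's own About template, or drop it together with the "Project About" heading that this revision removes.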

Latest revision as of 17:43, 12 November 2014


Welcome to OWASP Pure Captcha project page!

OWASP PureCaptcha

Use CAPTCHAs in your application without any dependencies, no required libraries and nothing to install. Just include a single small source-code file to have fully functional lightweight CAPTCHAs in your project.

Description

CAPTCHA is a feature for telling humans from computers, needed in many aspects of all web applications to prevent bots from flooding and spamming. Unfortunately, all existing libraries and APIs require too much effort to be feasible and maintainable for a small application, so a lot of developers just give up on using CAPTCHAs where they are needed. This is because generating CAPTCHAs requires a large body of code libraries to be available. It depends on image manipulation (like GD and Imagick), font rendering (FreeType, etc.), SOAP or cURL, and so on, each of which is a high-level library with many more dependencies of its own. PureCaptcha provides a single source code file which does the entire CAPTCHA generation and handling, because it only includes code for rendering a few alphanumeric letters from scratch, creating simple BMP files from nothing and modifying simple bitmap images.

This allows developers to easily add a single source code file to their projects and reap full CAPTCHA benefits with minimal memory and processing footprint and ZERO dependencies.

Licensing

Creative Commons Attribution ShareAlike 3.0 License

Apache 2 License

Project Resources

Download

Source Code

Project Leader

Abbas Naderi


Related Projects

OWASP PHP Security Project

CSRFProtector Project

Classifications

Project Type: Code
Incubator Project
Builders
Affero General Public License 3.0

News and Events

First version released!

There are basically three operations needed to properly utilize CAPTCHAs:

  • Generating A Captcha

This can be done by the show method of PureCaptcha. It will terminate the current request and return an image to the client.

  • Persisting The Captcha Value

The show method also returns a string equal to the Captcha contents. You need to persist it on the session for the user (preferably for a limited amount of time). The example code shows how this can be done simply in your programming language, but any other persistence layer would be fine. Keep in mind that for every Captcha used inside your application (e.g. one for the login page, one for the password reset page, one for the remove user page) you should persist the Captcha separately, so that a user can use all of your application's functionality simultaneously without one Captcha overriding the expected value for another.

  • Validating The Captcha

It is very important to remove the Captcha from persistence after it's validated, whether it's wrong or right. If you leave a Captcha persisting after validation, attackers can bypass your Captcha by inspecting it once and then using the same Captcha over and over to send requests to your application. See the example usages for more details.
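
The persist and validate steps above, sketched as an added example (this is not PureCaptcha's own code or its bundled sample usage). The function names, the `$session` array standing in for `$_SESSION`, the 300-second lifetime, the form names and the captcha texts are all assumptions made for illustration; the text passed to `captcha_store` is whatever the show method returned.

```php
<?php
declare(strict_types=1);

const CAPTCHA_TTL = 300; // assumed lifetime in seconds; the page only says "limited"

// Persist the text returned by the show method, in a separate slot per form,
// so a captcha on one page never overwrites the expected value for another.
function captcha_store(array &$session, string $form, string $text, int $now): void
{
    $session['captcha'][$form] = ['text' => $text, 'issued' => $now];
}

// Validate an answer. The stored value is removed before the comparison,
// so it is gone whether the answer is right, wrong or expired.
function captcha_validate(array &$session, string $form, string $answer, int $now): bool
{
    $entry = $session['captcha'][$form] ?? null;
    unset($session['captcha'][$form]);            // single use, always

    if ($entry === null) {
        return false;                             // never issued, or already consumed
    }
    if ($now - $entry['issued'] > CAPTCHA_TTL) {
        return false;                             // issued too long ago
    }
    return hash_equals($entry['text'], $answer);  // exact, constant-time comparison
}

// Constructed demo data: timestamps and captcha texts are made up.
$session = [];
$t0 = 1000;
captcha_store($session, 'login', 'k7Qd', $t0);
captcha_store($session, 'password_reset', 'M2xp', $t0);

var_dump(captcha_validate($session, 'login', 'wrong', $t0 + 5));          // wrong guess on login
var_dump(captcha_validate($session, 'login', 'k7Qd', $t0 + 6));           // right text, but slot was consumed above
var_dump(captcha_validate($session, 'password_reset', 'M2xp', $t0 + 10)); // other form is unaffected
var_dump(captcha_validate($session, 'password_reset', 'M2xp', $t0 + 11)); // replay of a solved captcha
captcha_store($session, 'login', 'Zp4w', $t0);
var_dump(captcha_validate($session, 'login', 'Zp4w', $t0 + CAPTCHA_TTL + 1)); // past the lifetime
```

After any call to `captcha_validate`, the form has to request a fresh captcha before the next attempt, which is what forces one image inspection per request.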

How Can I Use PureCaptcha?

Just include the source code file in your project, and visit the sample usage files to learn how to properly use a captcha.

How can I participate in your project?

All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise at different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

Volunteers

The first contributors to the project were:

Roadmap

Currently the PHP library is available and tested. Porting to all major programming languages is the next step. Since the library is pretty small, this shouldn't be a hard task and can be done in one summer by 1 candidate.

Getting Involved

Involvement in the development and promotion is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

Coding

You can port PureCaptcha to any programming language you like, or improve the existing code!

Localization

Are you fluent in another language? Can you help translate the text strings and documents into that language?

Testing

Do you have a flair for finding bugs in software? We want to produce a high-quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback

mailing list: TBA

  • What do you like?
  • What don't you like?
  • What features would you like to see prioritized on the roadmap?

