This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Testing for Captcha (OWASP-AT-012)

Revision as of 23:49, 17 November 2013 by Wilder (talk | contribs) (Brief Summary)

Jump to: navigation, search
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: Back to the OWASP Testing Guide Project:

WARNING: CAPTCHA is considered to be an ineffective security mechanism - most current CAPTCHAs in these days can be cracked in a fully automated way!

Brief Summary

CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used by many web applications to ensure that the response is not generated by a computer.


{{note}} Loose test
{{tip}} Loose test

Template:Note Template:Note Template:Note Template:Note Template:Tip Template:Note Loose test

Template:Tip Loose test

Description of the Issue Short Description of the Issue: Topic and Explanation

Black Box testing and example

Testing for Topic X vulnerabilities:
Result Expected: