OWASP 4 Common Uses
Account Registration
Blog Comments
Contact Us Forms
Data Enumeration
Online Polls
Search Engine Bots
Worms
Authentication Mechanism
CSRF
OWASP 5 Implementation Attacks – Example
captcha_image.php?x=-8&y=20&l=12
(x + 12, y – 17)
- Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs: Are they hopeless?
OWASP 6 Implementation Attacks – More
Example Solution as part of Image Id
Static Solution per Image Id
Multiple Solution Attempts on Single Image
Small number of repeated images / Limited solution space
Dataflow Bypass
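The implementation flaws listed on slides 5 and 6 all come from letting the client hold or reuse the answer. The following is an added example, not code from the OWASP deck or the DEFCON talk: a weak verifier that recomputes the answer from client-supplied image parameters (solution as part of the image id, replayable, unlimited attempts), beside a hardened one that keeps the answer server-side under an opaque random id and consumes the challenge on first use. The answer rule and timeouts are constructed for the demo.

```python
import hmac
import secrets
import time

# Constructed demo, not code from the OWASP deck. Two verifiers for the same
# text CAPTCHA: a weak one exhibiting the implementation flaws named on the
# slides and a hardened one. Rendering the image itself is out of scope.

def weak_verify(image_params: dict, submitted: str) -> bool:
    """Stateless check: the answer is a fixed function of parameters the
    client already holds (solution as part of image id), so one image can
    be replayed and guessed against without limit."""
    expected = str(image_params["x"] + image_params["y"])  # constructed rule
    return expected == submitted

# Hardened design: server-side state keyed by an opaque random id.
_CHALLENGES = {}
TTL_SECONDS = 300  # constructed lifetime for a challenge

def issue_challenge(answer: str) -> str:
    """Store the answer server-side; the client receives only an opaque id."""
    cid = secrets.token_urlsafe(16)  # random, carries no information
    _CHALLENGES[cid] = {"answer": answer, "issued": time.monotonic()}
    return cid

def strong_verify(cid: str, submitted: str) -> bool:
    """Single-use, time-bounded check: the challenge is consumed on first
    use whether the answer is right or wrong, so neither replay nor repeated
    guessing against one image is possible."""
    entry = _CHALLENGES.pop(cid, None)
    if entry is None or time.monotonic() - entry["issued"] > TTL_SECONDS:
        return False
    return hmac.compare_digest(entry["answer"].encode(), submitted.encode())

def demo() -> dict:
    """Exercise both verifiers on constructed input."""
    params = {"x": 5, "y": 7}
    weak_replays = weak_verify(params, "12") and weak_verify(params, "12")
    cid = issue_challenge("h3x9q")
    first = strong_verify(cid, "wrong")   # wrong guess consumes the challenge
    second = strong_verify(cid, "h3x9q")  # correct answer now rejected
    return {"weak_replays": weak_replays, "first": first, "second": second}
```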
OWASP 7 Attacks – Automatic Recognition
Optical Character Recognition (OCR)
Preprocessing
Segmentation
Classification
Success Rates
20% success for Gmail
30-35% success for Hotmail
60-90% success for most others…
Speech-to-Text
OWASP 8 and 9 (image-only slides)
- Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs: Are they hopeless?
OWASP 17 Conclusion
CAPTCHA doesn’t work
What it does do, it does badly
And it’s broken, besides…
Bad solution for the wrong problem
In the meantime: Don’t use CAPTCHA for sensitive resources