Collaborate Disseminate
I am aware that the g-captcha response cannot be used twice and expires after 2 minutes, but are there any security concerns using GET instead of POST?
Continue reading Is it insecure to show the g-captcha response in the query string of a GET request?
I have seen dozens of client-side captcha verification on github and considering it is just a matter of time to make it totally useless, what are the purposes of these? Are there any justifications that I don’t see? Maybe, the only thing I… Continue reading What is the point of client-side captcha verification?
I have this form where there is an implemented Google Captcha. I don’t understand why I can submit multiple POST request using the same g-recaptcha-response and without it. Is it intended to work that way?
POST /dev-test/form.php HTTP/1.1
… Continue reading Validating g-captcha-response parameter
I would like to provide some free tokens to users on registration, I don’t want bot accounts to register and get free tokens. Is there any way to prevent this?
I would like to use phone verification, but I am not sure if it’s obsolete. I w… Continue reading Is there any way to guarantee real user registration?
The team at AltaVista (RIP) invented the CAPTCHA in 1997. At the time, it was a groundbreaking solution to a niche problem: preventing bots from entering URLs into the web search engine. Fast forward to 2021, and there are more than 20 different CAPTCH… Continue reading Why Isn’t CAPTCHA Dead Yet?
The team at AltaVista (RIP) invented the CAPTCHA in 1997. At the time, it was a groundbreaking solution to a niche problem: preventing bots from entering URLs into the web search engine. Fast forward to 2021, and there are more than 20 different CAPTCH… Continue reading Why Isn’t CAPTCHA Dead Yet?
Many web form features could be set with HTML builtin behavior — without developing backend and/or (non HTML) frontend for them, for examples:
Select field
Input Date field
Input Time field
In the comment section of that post I underst… Continue reading Is it plausible to make form Captchas part of HTML? [closed]
I am developing a Content Management System Agnostic (CMS-Agnostic) HTML-PHP-JavaScript-CSS contact form and I want to embed a captcha module in it.
I want my backend code (PHP in that case but it could have been any other communally-devel… Continue reading Is there some international captcha standard (possibly with some implementation alongside it)? [closed]
Researcher uses an old unCAPTCHA trick against latest the audio version of reCAPTCHA, with a 97 percent success rate. Continue reading Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API
We’ve recently had a penetration test for one of our applications.
The Penetration Testing company identified that our application lacks protections against brute-force attacks on the login page.
Ref: https://owasp.org/www-community/contro… Continue reading Is using PBKDF2 good protection against brute-force attacks on web application login pages?