A Study of Captcha for Web Security


Submitted By chicati

Abstract— As Internet usage increases in terms of the available services provided, users gain more convenience but also face a challenge. Online services such as email, search engines and social networking may be abused by automated programs or web bots. To ensure that the service is used by a human, most of them use Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) methods to secure their web services. This paper discusses the various types of CAPTCHAs and the issues in designing a good CAPTCHA in terms of security and usability.

Keywords: CAPTCHA, TEXT-Based, GRAPHIC-Based, AUDIO-Based, Robustness, Usability

Online Polls: The result of any online poll can only be trusted if the poll system ensures that only humans can vote.

Preventing Dictionary Attacks: CAPTCHAs can also be used to prevent dictionary attacks in password systems.

Search Engine Bots: Configuring the website as a non-indexed page is important to prevent others from finding it easily. This is why CAPTCHA is important.

Worms and Spam: CAPTCHAs also offer a reasonable solution against email worms and spam, in which mail is accepted only if the sender is a human [2].



A CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a challenge-response test which gives a challenge to the user. It is one of the Human Interaction Proofs. When the user gives an accurate answer he is considered human; otherwise he is considered a web bot. Web bots are scripts or applications designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection [1]. It is important to differentiate between a human and a machine in the fields of Artificial Intelligence, Internet Security and human-computer interaction [3]. Some web services and applications…...
