Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Slides:



Advertisements
Similar presentations
TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advertisements

Information Technology Quiz Questions with Answers Part 9
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Slide 1 Insert your own content. Slide 2 Insert your own content.
Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 4 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
1 Chapter 40 - Physiology and Pathophysiology of Diuretic Action Copyright © 2013 Elsevier Inc. All rights reserved.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem , $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.
0 - 0.
1  1 =.
2 pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt Time Money AdditionSubtraction.
ALGEBRAIC EXPRESSIONS
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.
MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING Think Distributive property backwards Work down, Show all steps ax + ay = a(x + y)
Addition Facts
Year 6 mental test 5 second questions
Year 6 mental test 15 second questions Numbers and number system Numbers and the number system, Measures and Shape.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
The Racing Game of Knowledge Continue Questions – push on trees
ABC Technology Project
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
O X Click on Number next to person for a question.
© S Haughton more than 3?
5.9 + = 10 a)3.6 b)4.1 c)5.3 Question 1: Good Answer!! Well Done!! = 10 Question 1:
1 Directed Depth First Search Adjacency Lists A: F G B: A H C: A D D: C F E: C D G F: E: G: : H: B: I: H: F A B C G D E H I.
OWASP Secure Coding Practices Quick Reference Guide
©2007 First Wave Consulting, LLC A better way to do business. Period This is definitely NOT your father’s standard operating procedure.
We are learning how to read the 24 hour clock
Energy & Green Urbanism Markku Lappalainen Aalto University.
1, 3, 5, 7, 9, … + 2 TermNumbersPattern of Numbers The n-order for the pattern of odd numbers is 2n – 1, for n is natural numbers n ?
Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.
Understanding Generalist Practice, 5e, Kirst-Ashman/Hull
Skills for Success with Microsoft® Office 2010
For Educational Use Only © Factoring x 2 + bx + c Brian Preston Algebra
Addition 1’s to 20.
25 seconds left…...
Test B, 100 Subtraction Facts
Application of the web based technologies in tourism ( The praxis of Bulgarian tour operators and travel agencies ) Author: Tania Gorcheva, Associated.
11 = This is the fact family. You say: 8+3=11 and 3+8=11
Week 1.
Number bonds to 10,
We will resume in: 25 Minutes.
Bottoms Up Factoring. Start with the X-box 3-9 Product Sum
O X Click on Number next to person for a question.
X-box Factoring. X- Box 3-9 Product Sum Factor the x-box way Example: Factor 3x 2 -13x (3)(-10)= x 2x 3x 2 x-5 3x +2.
1 PART 1 ILLUSTRATION OF DOCUMENTS  Brief introduction to the documents contained in the envelope  Detailed clarification of the documents content.
Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou
CAPTCHA 1 Are you Human? (Sorry, I had to ask). CAPTCHA 2 Agenda What is CAPTCHA? Types of CAPTCHA Where to use CAPTCHAs? Guidelines when making a CAPTCHA.
Recognizing some of the modern CAPTCHAs Dmitry Nikulin LCME, Saint-Petersburg, 2011.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
CAPTCHA solving Tianhui Cai Period 3. CAPTCHAs Completely Automated Public Turing tests to tell Computers and Humans Apart Determines whether a user is.
Presented By: Abirami Poonkundran Authors: Jeff Yan, Ahmad El Ahmad.
CAP Malware and Software Vulnerability Analysis Term Project Proposal - Spring 2009 Professor: Dr. Zou Team members: Andrew Mantel & Peter Matthews.
By: Steven Baker.  What is a CAPTCHA?  History of CAPTCHA  Applications of CAPTCHAs  Accessibility  Examples of CAPTCHAs  reCAPTCHA  Vulnerabilities.
Usability of CAPTCHAs Or usability issues in CAPTCHA design Authors: Jeff Yan and Ahmad Salah El Ahmad Presented By: Kim Giglia CSC /19/2008.
SANDEEP MEHTA (ECE, IV Year). CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart Invented at CMU by Luis von Ahn, Manuel.
Are you Human?.
Fighting the WebBots A webbot is a program that visits web sites for all kinds of purposes. For example, Google webbots make copies of all web sites for.
Presentation transcript:

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP CAPTCHA The Image We All Love To Hate Shay Zalalichin and Avi Douglen Comsec Consulting Israel 2008 September 14

OWASP 2 Introduction  Completely Automated Public Turing Test to Tell Computers and Humans Apart

OWASP 3 CAPTCHA Techniques Background  Colors  Patterns  Distortion  Warping  Perturbation  Lines Text  Non-Alpha  Fonts  Sizes  Crowding  Deformation  Rotation

OWASP 4 Common Uses  Account Registration  Blog Comments  Contact Us Forms  Data Enumeration  Online Polls  Search Engine Bots  Worms  Authentication Mechanism  CSRF

OWASP 5 Implementation Attacks – Example captcha_image.php?x=-8&y=20&l=12 (x + 12, y – 17) - Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless

OWASP 6 Implementation Attacks – More Example  Solution as part of Image Id  Static Solution per Image Id  Multiple Solution Attempts on Single Image  Small number of repeated images / Limited solution space  Dataflow Bypass

OWASP 7 Attacks – Automatic Recognition  Optical Character Recognition (OCR)  Preprocessing  Segmentation  Classification  Success Rates  20% success for Gmail  30-35% success for Hotmail  60-90% success for most others…  Speech-to-Text

OWASP 8 - Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless

OWASP 9 - Mike Spindel and Scott Torborg, DEFCON 16, CAPTCHAs Are they hopeless

OWASP 10

OWASP 11 Other Approaches

OWASP 12

OWASP 13

OWASP 14 Attacks using the Human Factor  CAPTCHA Proxies  Pornography sites  Games  Etc.  CAPTCHA Farms  Cheap Workers  Indian / Romanian / Far East / …  Between 2$ - 4$ per 1000 CAPTCHAs

OWASP 15 - Jeremiah Grossman, Blackhat 2008, Get Rich or Die Trying

OWASP 16

OWASP 17 Conclusion  CAPTCHA doesn’t work  What it does do, does badly  And it’s broken, besides…  Bad solution for the wrong problem  In the meantime: Don’t use CAPTCHA for sensitive resources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.