What is a CAPTCHA?
CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is named after mathematician Alan Turing's "Turing test" (a test of a machine's ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human).
A CAPTCHA test is used to separate humans and machines. The perfect CAPTCHA would be one which a human can trivially solve but a computer cannot despite. In practice, it may simply take disproportionate effort for a computer to solve, though modern AI developments may soon render the technology obsolete.
What does a CAPTCHA look like?
A CAPTCHA test is normally an image test or a simple mathematics problem.
The most typical modern form of CAPTCHA is an image divided into a grid, or a grid of separate images – the user is asked to click cells that contain a certain object. Often the images are of roads, and the objects are specific types of hazard, producing results that can be used to train autonomous driving algorithms.
Older versions of CAPTCHA involved identifying words presented in a distorted manner – the data harvested from these was used to help with the digitisation of scanned books, newspapers, etc.
What are CAPTCHA used for?
CAPTCHA are used to stop malicious actors using automated systems to performs many attacks against a target at scale, by disallowing any automated (non-human) access to the application. One example might be to prevent the use of automation to set up hundreds of accounts or to prevent one individual from submitting hundreds of competition entry forms and "cheat" their chances of winning a competition.
CAPTCHA may be used to screen off only specific functionality in an application, or it may be used as part of the login process, so the vast majority (or all) of the application's functionality is locked behind it.
Can AppCheck scan an application that uses CAPTCHA?
Not the parts of the application that are locked behind the CAPTCHA. AppCheck is an automated process, exactly what CAPTCHAs are designed to block. AppCheck cannot bypass these blocks – if it could then malicious actors could too, and CAPTCHA would be obsolete.
What other options exist to scan those areas of an application that are screened by CAPTCHA?
The same advise applies regarding CAPTCHA as regarding firewalls, WAFs and other forms of defensive system (indeed, the CAPTCHA may be a part of one of those systems). For advice on this topic see our guide Allowing AppCheck Access to Your Network or Applications
Comments
0 comments
Please sign in to leave a comment.