OWASP PureCaptcha

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Welcome to OWASP Pure Captcha project page!

OWASP PureCaptcha
Use CAPTCHAs in your application without any dependencies, no required libraries and nothing to install. Just include a single small source-code file to have fully functional lightweight CAPTCHAs in your project.

Description
CAPTCHA is a feature detecting humans from computers, needed in many aspects of all web applications to prevent bots from flooding and spamming. Unfortunately all existing libraries and APIs require too much effort for a small application to be feasible and maintainable, so a lot of developers just give up on using CAPTCHAs where they are needed. This is due to the fact that generating CAPTCHAs requires a large body of code libraries to be available. It depends on image manipulation (like GD and Imagick), font rendering (Freetype and etc.) SOAP or Curl and etc. each of which are high level libraries and have a lot more dependencies. PureCapthca provides a single source code file which does the entire CAPTCHA generation and handling, because it only includes code for rendering a few alphanumeric letters from scratch, creating simple BMP files from nothing and modifying simple bitmap images.

This allows developers to easily add a single source code file to their projects and reap full CAPTCHA benefits with minimal memory and processing footprint and ZERO dependencies.

Licensing
Creative Commons Attribution ShareAlike 3.0 License

Apache 2 License


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
Download

Source Code

Project Leader
[mailto:abiasx@owasp.org Abbas Naderi]

Related Projects
OWASP PHP Security Project

CSRFProtector Project

Classifications

 * valign="top" style="padding-left:25px;width:200px;" |

News and Events
First version released!

= Documentation =
 * }

There are basically three operations needed to properly utilize CAPTCHAs:

This can be done by the show method of PureCaptcha. It will terminate the current request and return an image to the client. The show method also returns a string equal to the Captcha contents. You need to persist it on the session for the user (preferably for a limited amount of time). The example code shows how this can be done simply in your programming language, but any other persistence layer would be fine. Keep in mind that for every Captcha used inside your application (e.g one for login page, one for password reset page, one for remove user page) you should persist the Captcha separately, so that a user can simultaneously use all your applications functionalities without one Captcha overriding the expected value for the other. It is very important to remove the Captcha from persistence after its validated, whether its wrong or right. If you leave a Captcha persisting after validation, attackers can bypass your Captcha by inspecting it once and then using the same Captcha over and over to send requests to your application. See the example usages for more details.
 * Generating A Captcha
 * Persisting The Captcha Value
 * Validating The Captcha

=FAQs=

How Can I Use PureCaptcha?
Just include the source code file in your project, and visit the sample usage files to learn how to properly use a captcha.

How can I participate in your project?
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

Volunteers
The first contributors to the project were:


 * Abbas Naderi

= Road Map and Getting Involved =

Roadmap
Currently PHP library is available and tested. Porting to all major programming languages is the next step. Since the library is pretty small, this shouldn't be a hard task and can be done in one summer by 1 candidate.

Getting Involved
Involvement in the development and promotion is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

Coding
Any programming language you like, you can either port PureCaptcha to or improve the existing code!

Localization
Are you fluent in another language? Can you help translate the text strings and documents into that language?

Testing
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback
mailing list: TBA  What do like? What don't you like? What features would you like to see prioritized on the roadmap? 