We have seen a lot of DoS (Denial of Service) attacks in recent times. An old but promising solution to DoS attacks in web applications is to have CAPTCHA implemented in the publicly available form/pages. However, all CAPTCHA implementations are not quite safe, and some implementations would give the user a headache.
There are recent developments on simplifying CAPTCHA- But on simplifying, some developers forget the purpose of CAPTCHA.
Well, what is the purpose of using CAPTCHA?
In simple words CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program to ‘ensure’ that the user is a human.
Almost 80% of custom CAPTCHA implementations are found to be unsafe during our evaluations. So what all are the measures to make sure the application has safe and simple CAPTCHA?
Why Mobile Application Security?
With the ever increasing penetration of Mobile apps into our day to day life, it’s imperative that Mobile Applications will be at the behest of hackers and Security professionals likewise.
Thanks to phenomenal advances in mobile device capabilities, everything from shopping, banking, recharge, booking tickets and many such activities are performed with the help of a smart phone alone. Hackers are finding more ways to steal data through mobile applications.
Most of the time folks find it really difficult to test web services. It is because we don't have proper knowledge of web services. Before any testing it is important to understand the system, we should know what can be the positive and negative sides of the technology and implementations of that application. Lets dive into the depth of web service testing. To provide a better security solution to the web service we should have a brief understanding of web services, their architectural styles, their constraints and their characteristics that are responsible for their strength as well as weakness.
How many times you feel affronted while reading those stupid numbers or words and re-entering it just to prove that you are a human. We call them CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart) and recommend it to avoid several kind of flooding attacks, brute force attacks and sometimes even for CSRF attacks.
It's time-consuming as well as frustrating.
What is SQL Injection:
I have gone through many SQL Injection tutorials before writing this post. One thing was common at every place, the queries coming from the readers. Many people don’t know what actually SQL Injection is. They think that they can easily enter into the database and make some changes, or they can simply inject some query and will have the username and password of the administrator. Well !!! Till some extent the concept is true but it is not that much easy.