www.imperva.com
Open in
urlscan Pro
45.60.76.225
Public Scan
URL:
https://www.imperva.com/learn/application-security/what-is-captcha/
Submission: On July 15 via api from US — Scanned from DE
Submission: On July 15 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
<form elem-id="" class="marketo-form" data-form-id="3495" data-form-args="form_args_91660960"></form>Text Content
Under DDoS Attack?
1-866-777-9980
Login
LoginCloud Security ConsoleRASP Console
EN
EnglishENDeutschDEEspañolESFrançaisFRPortuguêsPT-BR日本語日本語한국어KR中文CN
Under DDoS Attack?
1-866-777-9980
Start for FreeContact UsStart for FreeContact Us
* Why Imperva
* Products
Products
* Application Performance
* Application Security
* Data Security
* Network Security
* Imperva Plans
Application Performance
Application Performance Overview
Optimize content delivery and user experience
* Content Delivery Network
Boost website performance with caching and compression
* Waiting Room
Virtual queuing to control visitor traffic
THE IMPORTANCE OF A RESILIENT CDN FOR DIGITAL PERFORMANCE
Get featured report
Application Security
Application Security Overview
Industry-leading application and API protection
* Web Application Firewall
Instantly secure applications from the latest threats
* Advanced Bot Protection
Identify and mitigate the most sophisticated bad bot
* API Security
Discover shadow APIs and the sensitive data they handle
* DDoS Protection
Secure all assets at the edge with guaranteed uptime
* Client-Side Protection
Visibility and control over third-party JavaScript code
* Runtime Protection
Secure workloads from unknown threats and vulnerabilities
* Serverless Protection
Uncover security weaknesses on serverless environments
* Attack Analytics
Complete visibility into your latest attacks and threats
IMPERVA NAMED A SECURITY LEADER IN THE SECUREIQLAB CYBERRISK REPORT
Get featured report
Data Security
Data Security Overview
Protect all data and ensure compliance at any scale
* Data Security Fabric
Multicloud, hybrid security platform protecting all data types
* Cloud Data Security
SaaS-based data posture management and protection
2023 STRATEGIC ROADMAP FOR DATA SECURITY PLATFORM ADOPTION
Get featured report
Network Security
Network Security Overview
Protection and control over your network infrastructure
* DDoS Protection
Secure all assets at the edge with guaranteed uptime
GLOBAL DDOS THREAT LANDSCAPE REPORT
Get featured report
Imperva Plans
* Solutions
Solutions
* By Use Case
* By Industry
* Imperva Plans
By Use Case
* Application Security
* Stop software supply chain attacks
* Mitigate account takeover attacks
* Protect modern web applications
* Secure API inventories
* Protect against online fraud
* Embed security into DevOps
* Data Security
* Safeguard sensitive and personal data
* Advance data governance
* Assure data compliance and privacy
* Securely move data to the cloud
* Observe data risk management
* Monitor user behavior analytics
* Data encryption and cryptographic solutions
* Network Security
* Defend DDoS attacks at scale
* Secure business continuity in the event of an outage
* Application Performance
* Ensure consistent application performance
By Industry
Solutions by Industry
Defense-in-depth security for every industry
* Government
* Healthcare
* Financial Services
* Telecom & ISPs
* Retail
THE STATE OF SECURITY WITHIN ECOMMERCE 2022
Get free report
Imperva Plans
* Support
Support
Support
Support
Looking for technical support or services, please review our various channels
below
* Technical Support
* Services
* Imperva University
* Community
* Support Portal Login
* Documentation
* EOL Policy
* Partners
Partners
* Channel Partners
* Technology Alliance Partners
Channel Partners
Channel Partners Program
Looking for an Imperva partner? Find an approved one with the expertise to
help you
* Channel Partners
* Find a Partner
* Partner Portal Login
IMPERVA REIMAGINES PARTNER PROGRAM: IMPERVA ACCELERATE
Learn how
Technology Alliance Partners
Technology Alliance Partners
Imperva collaborates with the top technology companies
* Technology Alliance Partners (TAP)
* Become a TAP
* Find a TAP
PROTECT YOUR CLOUDERA DATA WITH IMPERVA
Learn more
* Customers
Customers
* Application Security Customer Stories
* Data Security Customer Stories
* See all Customer Stories
Application Security Customer Stories
Application Security Customer Stories
Learn how Imperva enables and protects industry leaders
* Tower ensures website visibility and uninterrupted business operations
* Smallpdf protects its customers and ensures availability
QUÁLITAS CONTINUES ITS QUALITY SERVICES USING IMPERVA APPLICATION SECURITY
Learn how
Data Security Customer Stories
Data Security Customer Stories
Learn how Imperva enables and protects industry leaders
* Banco Popular streamlines operations and lowers operational costs
* Discovery Inc. tackles data compliance in public cloud with Imperva Data
Security Fabric
DISCOVERY INC. TACKLES DATA COMPLIANCE IN PUBLIC CLOUD
Learn how
See all Customer Stories
* Resources
Resources
* Resources
* Threat Research
* Learning Assets
Resources
Resources
Get all the information you need about Imperva products and solutions
* Resource Library
* Blog
* Webinars
* Case Studies
* Privacy, Compliance & Trust Center
* Imperva Certifications
NEW VULNERABILITY IN POPULAR WIDGET SHOWS RISKS OF THIRD-PARTY CODE
Read more
Threat Research
Threat Research
Stay informed on the latest threats and vulnerabilities
* Cyber Threat Index
* Cyber Attack Map
* Free Tools
* Network Map
CYBER THREAT INDEX
Latest threat analysis
Learning Assets
Learning Assets
Expand and share your knowledge
* Learning Center
* Application Security Guide
* Data Security Guide
* Imperva Community
* Documentation Portal
BROWSE THE IMPERVA LEARNING CENTER FOR THE LATEST CYBERSECURITY TOPICS
Explore now
* Company
Company
Company
Company
Get to know us, beyond our products and services
* About Us
* Events
* Careers
* Press & Awards
* Contact Information
2022 SUSTAINABILITY REPORT
Read more
Home > Learning Center > AppSec > CAPTCHA
ARTICLE'S CONTENT
* What is CAPTCHA
* What are CAPTCHAs Used for
* How Does CAPTCHA Work
* Drawbacks of Using CAPTCHA
* CAPTCHA Types: Examples
* Imperva Bot Detection: CAPTCHA as a Last Line of Defense
CAPTCHA
187.5k views
App SecurityEssentials
WHAT IS CAPTCHA
CAPTCHA stands for the Completely Automated Public Turing test to tell Computers
and Humans Apart. CAPTCHAs are tools you can use to differentiate between real
users and automated users, such as bots. CAPTCHAs provide challenges that are
difficult for computers to perform but relatively easy for humans. For example,
identifying stretched letters or numbers, or clicking in a specific area.
WHAT ARE CAPTCHAS USED FOR
CAPTCHAs are used by any website that wishes to restrict usage by bots. Specific
uses include:
* Maintaining poll accuracy—CAPTCHAs can prevent poll skewing by ensuring that
each vote is entered by a human. Although this does not limit the overall
number of votes that can be made, it makes the time required for each vote
longer, discouraging multiple votes.
* Limiting registration for services—services can use CAPTCHAs to prevent bots
from spamming registration systems to create fake accounts. Restricting
account creation prevents waste of a service’s resources and reduces
opportunities for fraud.
* Preventing ticket inflation—ticketing systems can use CAPTCHA to limit
scalpers from purchasing large numbers of tickets for resale. It can also be
used to prevent false registrations to free events.
* Preventing false comments—CAPTCHAs can prevent bots from spamming message
boards, contact forms, or review sites. The extra step required by a CAPTCHA
can also play a role in reducing online harassment through inconvenience.
×
Jul 11 Upcoming Webinar
BAD BOTS: BALANCING PROTECTION AGAINST CUSTOMER EXPERIENCE
Register Now
×
HOW DOES CAPTCHA WORK
CAPTCHAs work by providing information to a user for interpretation. Traditional
CAPTCHAs provided distorted or overlapping letters and numbers that a user then
has to submit via a form field. The distortion of the letters made it difficult
for bots to interpret the text and prevented access until the characters were
verified.
This CAPTCHA type relies on a human’s ability to generalize and recognize novel
patterns based on variable past experience. In contrast, bots can often only
follow set patterns or input randomized characters. This limitation makes it
unlikely that bots will correctly guess the right combination.
Since CAPTCHA was introduced, bots that use machine learning have been
developed. These bots are better able to identify traditional CAPTCHAs with
algorithms trained in pattern recognition. Due to this development, newer
CAPTCHA methods are based on more complex tests. For example, reCAPTCHA requires
clicking in a specific area and waiting until a timer runs out.
DRAWBACKS OF USING CAPTCHA
The overwhelming benefit of CAPTCHA is that it is highly effective against all
but the most sophisticated bad bots. However, CAPTCHA mechanisms can negatively
affect the user experience on your website:
* Disruptive and frustrating for users
* May be difficult to understand or use for some audiences
* Some CAPTCHA types do not support all browsers
* Some CAPTCHA types are not accessible to users who view a website using
screen readers or assistive devices
CAPTCHA TYPES: EXAMPLES
Modern CAPTCHAs fall into three main categories—text-based, image-based, and
audio.
TEXT-BASED CAPTCHAS
Text-based CAPTCHAs are the original way in which humans were verified. These
CAPTCHAs can use known words or phrases, or random combinations of digits and
letters. Some text-based CAPTCHAs also include variations in capitalization.
The CAPTCHA presents these characters in a way that is alienated and requires
interpretation. Alienation can involve scaling, rotation, distorting characters.
It can also involve overlapping characters with graphic elements such as color,
background noise, lines, arcs, or dots. This alienation provides protection
against bots with insufficient text recognition algorithms but can also be
difficult for humans to interpret.
Text-based CAPTCHA patterns
Techniques for creating text-based CAPTCHAs include:
* Gimpy—chooses an arbitrary number of words from an 850-word dictionary and
provides those words in a distorted fashion.
* EZ-Gimpy—is a variation of Gimpy that uses only one word.
* Gimpy-r—selects random letters, then distorts and adds background noise to
characters.
* Simard’s HIP—selects random letters and numbers, then distorts characters
with arcs and colors.
CAPTCHA IMAGE
Image-based CAPTCHAs were developed to replace text-based ones. These CAPTCHAs
use recognizable graphical elements, such as photos of animals, shapes, or
scenes. Typically, image-based CAPTCHAs require users to select images matching
a theme or to identify images that don’t fit.
You can see an example of this type of CAPTCHA below. Note that it defines the
theme using an image instead of text.
Example of image-based CAPTCHA
Image-based CAPTCHAs are typically easier for humans to interpret than
text-based. However, these tools present distinct accessibility issues for
visually impaired users. For bots, image-based CAPTCHAs are more difficult than
text to interpret because these tools require both image recognition and
semantic classification.
AUDIO CAPTCHA
Audio CAPTCHAs were developed as an alternative that grants accessibility to
visually impaired users. These CAPTCHAs are often used in combination with text
or image-based CAPTCHAs. Audio CAPTCHAs present an audio recording of a series
of letters or numbers which a user then enters.
These CAPTCHAs rely on bots not being able to distinguish relevant characters
from background noise. Like text-based CAPTCHAs, these tools can be difficult
for humans to interpret as well as for bots.
MATH OR WORD PROBLEMS
Some CAPTCHA mechanisms ask users to solve a simple mathematical problem such as
“3+4” or “18-3”. The assumption is that a bot will find it difficult to identify
the question and devise a response. Another variant is a word problem, asking
the user to type the missing word in a sentence, or complete a sequence of
several related terms. These types of problems are accessible to vision impaired
users, but at the same time they may be easier for bad bots to solve.
SOCIAL MEDIA SIGN IN
A popular alternative to CAPTCHA is requiring users to sign in using a social
profile such as Facebook, Google or LinkedIn. The user’s details will be
automatically filled in using single sign on (SSO) functionality provided by the
social media website.
This is still disruptive, but may actually be easier for the user to complete
than other forms of CAPTCHA. An additional benefit is that it is a convenient
registration mechanism.
NO CAPTCHA RECAPTCHA
This type of CAPTCHA, known for its use by Google, is much easier for users than
most other types. It provides a checkbox saying “I am not a robot” which users
need to select – and that’s all. It works by tracking user movements and
identifying if the click and other user activity on the page resembles human
activity or a bot. If the test fails, reCAPTCHA provides a traditional image
selection CAPTCHA, but in most cases the checkbox test suffices to validate the
user.
See how Advanced Bot Protection can help you with stopping bad bots.
Request demo Learn more
IMPERVA BOT DETECTION: CAPTCHA AS A LAST LINE OF DEFENSE
Imperva provides a bot detection solution that is built for minimal business
disruption. It offers several types of challenges which filter out bad bot
traffic with minimal impact on human users—including device fingerprinting,
cookie challenges and JavaScript challenges.
Imperva provides the option to deploy CAPTCHAs, but uses it as the final line of
defense, if all other bot identification mechanisms fail. This means it will be
used for a very small percentage of user traffic. Imperva does provide the
option to manually enforce CAPTCHA, for websites that need a stricter approach
to advanced bot protection.
In addition to providing bad bot mitigation, Imperva provides multi-layered
protection to make sure websites and applications are available, easily
accessible and safe. The Imperva application security solution includes:
* DDoS Protection—maintain uptime in all situations. Prevent any type of DDoS
attack, of any size, from preventing access to your website and network
infrastructure.
* CDN—enhance website performance and reduce bandwidth costs with a CDN
designed for developers. Cache static resources at the edge while
accelerating APIs and dynamic websites.
* Cloud WAF—permit legitimate traffic and prevent bad traffic. Safeguard your
applications at the edge with an enterprise‑class cloud WAF.
* Gateway WAF—keep applications and APIs inside your network safe with Imperva
Gateway WAF.
* RASP—keep your applications safe from within against known and zero‑day
attacks. Fast and accurate protection with no signature or learning mode.
LATEST BLOGS
Application Security
...
* Imperva
Understanding and Mitigating the MOVEit Incidents
Kunal Anand
Jun 19, 2023 2 min read
Imperva
...
* Application Security
Anonymous Sudan, MOVEit, and Cl0p
Kunal Anand
Jun 15, 2023 2 min read
Application Security
How Ticket Scalping Impacts Asia’s Live Entertainment Industry
Erez Hasson
Jun 14, 2023 5 min read
Application Security
Preventing Bot Attacks and Online Fraud on APIs
Erez Hasson
May 17, 2023 6 min read
Application Security
What We Learned from the 2023 Imperva Bad Bot Report
Erez Hasson
May 10, 2023 3 min read
Application Security
Imperva Continues to Innovate With New Features for Online Fraud Prevention
Erez Hasson
May 1, 2023 5 min read
Application Security
Imperva Unveils Latest API Security Enhancements
Lebin Cheng
Apr 25, 2023 3 min read
Application Security
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced
API[…]
Lebin Cheng
Apr 19, 2023 3 min read
LATEST ARTICLES
App Security
...
* Essentials
* Protocols
OSI Model
922.7k Views
App Security
...
* Essentials
Penetration Testing
573.2k Views
Network Security
...
* DDoS
* Essentials
DDoS Attacks
381k Views
App Security
...
* Essentials
* Threats
Buffer Overflow Attack
217.1k Views
Network Security
...
* DDoS
* Essentials
Distributed Denial of Service (DDoS)
213.7k Views
App Security
...
* Attack Tools
* Essentials
* Threats
Bots
157k Views
Network Security
...
* Connection Optimization
* Essentials
Sticky Session
153.4k Views
Data Security
...
* Essentials
Data Loss Prevention (DLP)
143.6k Views
+1 866 926 4678
Partners
* Imperva Partner Ecosystem
* Channel Partners
* Technology Alliances
* Find a Partner
* Partner Portal Login
Resources
* Imperva Blog
* Resource Library
* Case Studies
* Learning Center
About Us
* Why Imperva
* Who We Are
* Events
* Careers
* Press & Awards
* Contact Information
Network
* Network Map
* System Status
Support
* Emergency DDoS Protection
* Support Portal
* Imperva Community
* Documentation Portal
* API Integration
* Trust Center
Cookies Settings Trust Center Modern Slavery Statement Privacy Legal
English
EnglishDeutschEspañolFrançaisPortuguês日本語中文
+1 866 926 4678
English
EnglishDeutschEspañolFrançaisPortuguês日本語中文
*
*
*
*
*
*
*
Cookies Settings Trust Center Modern Slavery Statement Privacy Legal
Copyright © 2023 Imperva. All rights reserved
×
THE 10TH ANNUAL BAD BOT REPORT
The evolution of malicious automation over the last decade
Download Now
×
PREVOTY IS NOW PART OF THE IMPERVA RUNTIME PROTECTION
* Protection against zero-day attacks
* No tuning, highly-accurate out-of-the-box
* Effective against OWASP top 10 vulnerabilities
Learn more here
× Want to see Imperva in action? Fill out the form and our experts will be in
touch shortly to book your personal demo.
THANK YOU!
An Imperva security specialist will contact you shortly.
×
“Imperva prevented 10,000 attacks in the first 4 hours of Black Friday weekend
with no latency to our online customers.”
Top 3 US Retailer
Imperva uses cookies to improve your experience, deliver personalized content
and analyze our traffic. You may modify your cookies settings at any time, as
explained in our Cookie Notice
Cookies Settings Reject All Accept All