Testing CAPTCHAs

General Definition of CAPTCHA states that it is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs can't. This is similar to a challenge response test that can only be done by humans and cannot be done by bots.

People call them a CAPTCHA but its full form is Computer Automated Public Turing Test To Tell Computers And Humans Apart.

The following is the importance of a CAPTCHA in a web-site:
  • The main use of a CAPTCHA is to restrict the access of BOTS.
  • Protection during registration in websites.
  • Spam contents are prevented and protected.
  • This is mainly utilized in security and accessibility.
  • Humans can understand that the specific processes are done by humans and not bots.
  • Emails and spam can be checked via this whether this is sent by humans or else bots using CAPTCHA.

Testing methods of CAPTCHA

  • Whenever the page is refreshed the CAPTCHA must be a new one and should not be duplications.
  • There should be distortion in text.
  • Difference in characters like uppercase, lowercase and alphanumeric should be implemented.
  • Validation of the CAPTCHA field should be higher-level.
  • If someone lefts the CAPTCHA field there must be a client-side error message displaying.
  • Case sensitivity should be used.
  • CAPTCHA must be refreshed for every wrong entry.
  • Audio-support must be verified similarly if it is enabled.
  • There should be a reference call using ajax where “Please refresh CAPTCHA code” nearby the field.
  • If the web page is rendered from other sites then the smoothness of data or CAPTCHA code fetched must be checked with smoothness and correctness.
  • Proper TAB indexing must be done for a CAPTCHA field also because without refreshing the CAPTCHA might use its older one to submit the form.
  • CAPTCHA images must be named randomly and the order of a CAPTCHA entry must be random and not by proper order.
  • CAPTCHA must be designed very well for all the browsers and most commonly there will be a problem with browsers.

Thus testing a CAPTCHA is very important to reduce the risks and damages in securities from hackers using BOTS.