December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Recipe 15-2: Validating Users with CAPTCHA Testing
This recipe shows you how to verify that the client is human by using CAPTCHA testing.
Ingredients
- ModSecurity
- SecContentInjection directive
- SecStreamOutBodyInspection directive
- STREAM_OUTPUT_BODY variable
- @rsub operator
Recipe 15-1 identified automated programs by confirming that the client can execute JavaScript. This method may not work, however, if some of your clients have disabled JavaScript in their web browsers. How else can we validate that clients are real people and not automated programs? This is the purpose of the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) concept.
CAPTCHA Defined
A CAPTCHA is a challenge-response test that verifies that a human, rather than an automated program, is entering information. For example, sometimes bots are used to affect search engine rankings or participate in an online poll. The CAPTCHA displays an image of slightly distorted letters and perhaps also numbers and asks the user to enter what he or she sees. This task is easy for a human but difficult or impossible for a bot.
CAPTCHAs are often used to help prevent certain automated attacks:
- Automated account registrations
- Automated ticket purchasing (queue jumping)
- Blog comment spam
Figure 15-1 shows an example of common blog comment spam for a WordPress site that promotes discounted medication.
Figure 15-1: WordPress comment spam
Keep in mind that these types of comment spam ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.