Skip to main content

Ascertain human interaction

Summary

The system must guarantee that user actions are performed by a human (e.g., registration, authentication and password recovery). This can be achieved using CAPTCHA, incremental delays or mechanisms that prevent excessive crawling and indexing.

Description

There exist several attacks that have been automated or depend on a robot for their execution. Many of them focus on exploiting vulnerabilities in authentication forms. In order to hinder the effectiveness of these attacks, the system must implement mechanisms that help ensure that the entity with which it is interacting is a human being.

Supported In

This requirement is verified in following services

PlanSupported
Essential🔴
Advanced🟢

References

Vulnerabilities

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.