CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a security measure commonly used on websites to prevent bots from accessing or manipulating the website. With the increasing threat of automated attacks, it is imperative that CAPTCHA systems are thoroughly tested to ensure they function as intended. Novatesting would like to outline various test cases that should be considered while testing CAPTCHA to ensure its robustness and effectiveness in preventing unwanted access.
| TC#1 | Test the slow authentication image on the Internet. An error message for invalid captcha will not be displayed. |
| TC#2 | Test the wait time for the Captcha. The time during which the authentication image is selected. |
| TC#3 | Verify a new captcha is created in case the user adds a wrong captcha. |
| TC#4 | Verify an appropriate error message is displayed in case the user doesn’t fill in the verification image correctly. |
| TC#5 | Verify an error message is displayed in case the user doesn’t fill in the verification image. |
| TC#6 | Verify an error message is displayed in case the user partially fills in the verification image. |
| TC#7 | Verify an error message is displayed when the page times out waiting for the verification image. |
| TC#8 | Verify if the audio option is added to the verification image as requested. |
| TC#9 | Verify if the authentication image is displayed on the ad-blocker. |
| TC#10 | Verify if the captcha works on adblocker or not. |
| TC#11 | Verify if the website accepts valid authentication images. |
| TC#12 | Verify that a new authentication image will be displayed every time the page is reloaded. |
| TC#13 | Verify that the added captcha is appropriate. |
| TC#14 | Verify that the authentication image is required on the requested website. |
| TC#15 | Verify that the user can request a new authentication image without having to reload the page option. |
| TC#16 | Verify that the user’s IP is blocked when attempting to enter invalid authentication image after a certain number of attempts (may be blocked for a certain time). |
| TC#17 | Verify the authentication image and click the submit button twice. An error message for invalid authentication image will not be displayed. |
| TC#18 | Verify the time period during which the authentication image is uploaded on the website. |
We now tends to use Google’s ReCaptcha and some self-coded ones for Captcha, which can be in the form of Image, Text, or Audio. The method of testing also depends on the form that we are using.