reCAPTCHA bypass via HTTP Parameter Pollution

tl;dr I reported a reCAPTCHA bypass to Google in late January. The bypass required the web application using reCAPTCHA to craft the request to /recaptcha/api/siteverify in an insecure way; but when this situation occurred the attacker was able to bypass the protection every time. The security issue was fixed “upstream” at Google’s reCAPTCHA API and no […]



Developers and Application Security

Every year OWASP local chapters from Latin America organize a huge one-month event called OWASP LATAM Tour, where each chapter hosts a one-day conference in their city. These events are a great place for security professionals and developers to get together and exchange ideas and knowledge. Just like the […]


Hello world

I’m Andrés Riancho, and this is my blog. Hacker: Born and raised Argentine, husband, father, software developer, application and cloud security expert. Since I can remember I take things apart to understand how they work and improve them. Initially this led to many electronic devices with missing parts at my parents’ house, but with time […]
