We work with many customers that use CAPTCHA on their sites. There are a number of ways to handle this situation:
- Turn it off completely
- Embed the correct string as a hidden field on the page itself
- Enable a special test string that always works--irrespective of the CAPTCHA image
Our recommended approach is the last option -- enable a custom string that we can use during our tests. This is the recommended approach because (1) it enables us to start creating tests quickly, (2) is unlikely to be randomly discovered by someone wishing to do harm, (3) it can be quickly disabled after the test, and (4) it leaves the CAPTCHA implementation in place. We've worked with customers that have disabled CAPTCHA for testing just to have that component of the application die under heavy load. We recommend leaving CAPTCHA in place with a custom string so this component can be tested under load.