I think it depends on the nature of your application. CAPTCHAs are used for authentication/authorization and that too mostly for community oriented web applications (like wikis, blogs etc). If your application allows users to contribute something (files/reviews/replies) and you want to authenticate potential users only, then you can go for CAPTCHAs. That will tell human and computer spammers apart as the name suggests. It doesn't really matter if your application is J2EE based or LAMP or .NET or whatever, you can incorporate CAPTCHAs in all of them. Hope this helps.