This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:Testing for Default or Guessable User Account (OWASP-AT-003)

Jump to: navigation, search

Black box section

What about adding a suggestion to the black box examples about checking page source code and javascript? I've often seen login forms that test the username and redirect the user based on that test, i.e.: If admin then starturl=/admin else /index.asp etc. I'll try to dig up a specific example and add it here. Rick.mitchell 08:43, 25 June 2008 (EDT)