Talk:Testing for Default or Guessable User Account (OWASP-AT-003)
Revision as of 12:38, 7 December 2008 by KirstenS (talk | contribs) (Talk:Testing for Default or Guessable User Account moved to Talk:Testing for Default or Guessable User Account (OWASP-AT-003))
Black box section
What about adding a suggestion to the black box examples about checking page source code and JavaScript? I've often seen login forms that test the username and redirect the user based on that test, i.e.: If admin then starturl=/admin else /index.asp etc. I'll try to dig up a specific example and add it here. Rick.mitchell 08:43, 25 June 2008 (EDT)
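
The pattern described in the comment above can be checked for during a source review. The following is an added example, not part of the original talk page or the OWASP Testing Guide: it scans inline scripts for login-name variables compared against hard-coded strings. The sample page, the function names and the `USER_LIKE` word list are assumptions made for illustration.

```javascript
// Constructed sample page reproducing the pattern from the comment above.
const SAMPLE_PAGE = `
<form name="login" onsubmit="return route()">
  <input name="username"><input type="password" name="password">
</form>
<script>
function route() {
  var user = document.login.username.value;
  if (user == "admin") { starturl = "/admin"; }
  else { starturl = "/index.asp"; }
  return true;
}
</script>`;

// Assumption: variables holding the login name contain one of these words.
const USER_LIKE = /user|login|uname|account/i;

// identifier <op> "literal"  and  "literal" <op> identifier
const IDENT_FIRST = /([A-Za-z_$][\w$.]*)(?:\(\))?\s*[!=]==?\s*(["'])([^"'\n]{1,64})\2/g;
const LITERAL_FIRST = /(["'])([^"'\n]{1,64})\1\s*[!=]==?\s*([A-Za-z_$][\w$.]*)/g;

// Return the bodies of inline <script> elements in an HTML string.
function inlineScripts(html) {
  return [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
}

// List every comparison of a user-like variable against a hard-coded string.
function findHardcodedUserChecks(html) {
  const findings = [];
  for (const script of inlineScripts(html)) {
    const add = (variable, value, index) => {
      if (!USER_LIKE.test(variable)) return; // skip unrelated comparisons
      const line = script.slice(0, index).split("\n").length; // line within the script block
      findings.push({ variable, value, line });
    };
    for (const m of script.matchAll(IDENT_FIRST)) add(m[1], m[3], m.index);
    for (const m of script.matchAll(LITERAL_FIRST)) add(m[3], m[2], m.index);
  }
  return findings;
}

console.log(findHardcodedUserChecks(SAMPLE_PAGE));
```

Each finding is an account name disclosed to anyone who views the page source; the fix is to make the routing decision on the server after authentication. The match is a heuristic and does not cover external script files or obfuscated code.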