
Talk:Testing for Default or Guessable User Account (OWASP-AT-003)


Black box section

What about adding a suggestion to the black box examples about checking page source code and JavaScript? I've often seen login forms that test the username and redirect the user based on that test, i.e., if admin then starturl=/admin else /index.asp, etc. I'll try to dig up a specific example and add it here. Rick.mitchell 08:43, 25 June 2008 (EDT)
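
An added example, not part of the comment above or of the OWASP guide: a small Node.js check that can be run over saved page source from an application under review to flag inline script comparing a username-like field against a hard-coded literal, the pattern the comment describes. The function name, the regular expressions and the sample HTML are constructed for illustration.

```javascript
// Constructed sample page mirroring the "if admin then /admin else /index.asp" pattern.
const SAMPLE_HTML = `
<form name="login" onsubmit="return route(this)">
  <input name="username"><input type="password" name="password">
</form>
<script type="text/javascript">
function route(f) {
  var starturl;
  if (f.username.value == "admin") {
    starturl = "/admin";
  } else {
    starturl = "/index.asp";
  }
  f.action = starturl;
  return true;
}
</script>`;

// Inline <script> bodies only; external script files must be fetched and scanned separately.
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
// A name containing user/login/uname compared (==, ===, !=, !==) to a short string literal.
const COMPARE_RE = /\b([\w.$]*(?:user|login|uname)[\w.$]*)\s*[!=]==?\s*(["'])([^"']{1,64})\2/gi;
// First quoted site-relative path, used to report where the branch sends the user.
const PATH_RE = /(["'])(\/[^"'\s]*)\1/;

// Hypothetical helper: returns one finding per hard-coded account comparison.
function findClientSideAccountChecks(html) {
  const findings = [];
  for (const script of html.matchAll(SCRIPT_RE)) {
    const body = script[1];
    for (const m of body.matchAll(COMPARE_RE)) {
      // Look a short distance past the comparison for the redirect target.
      const end = m.index + m[0].length;
      const path = PATH_RE.exec(body.slice(end, end + 160));
      findings.push({ expression: m[1], account: m[3], target: path ? path[2] : null });
    }
  }
  return findings;
}

console.log(findClientSideAccountChecks(SAMPLE_HTML));
```

Each finding names an account that the page itself discloses, so it belongs in the default or guessable account review, and the fix is to move the role-based routing to the server after authentication.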