Element Omission
Element omission is opposite to element duplication. In both cases, you are trying to cause the service to reveal sensitive information with unexpected requests.
To create a request of this type, omit some elements from the body:
<login> <username> smartbear</username> </login>
The response reveals an element you need to gain access to the service.
<loginresponse> <error>element password is expected.</error> </loginresponse>
Also, try the following:
Replace the username with a password:
<login> <password>ReaDyAP1R0ck5</password> </login>
Remove all elements:
<login> </login>