During this test, you will try to discover security flaws in the response message using wrong user data.
Send a request with a correct user name and a wrong password.
For example, you get the following response:
<error>Wrong user name for the password</error>
The response you have got reveals that the password was correct, so the attacker will use it when trying to find a valid username-password combination.