During this test, you try to discover security flaws in the response message by sending wrong user data.
- Send a request with a correct user name and a wrong password.

    <login>
      <username>smartbear</username>
      <password>yesitdoes!</password>
    </login>

- For example, you get the following response:

    <loginresponse>
      <error>Wrong user name for the password</error>
    </loginresponse>
The response you received reveals that the password was correct, so an attacker will use it when trying to find a valid username-password combination.
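
The same check as an added Python example (not part of the original page or of any SmartBear tool): a login handler that leaks which field was wrong, a hardened handler that returns one uniform error, and a test that sends the three kinds of wrong user data and counts the distinct failure responses. The names `USERS`, `leaky_login`, `uniform_login` and `distinct_failure_responses`, the stored password, and every error message except the one quoted above are constructed for the example.

```python
import hmac
import xml.etree.ElementTree as ET  # fine for constructed input; use defusedxml for untrusted XML

# Constructed credential store for the example; not taken from the page's service.
USERS = {"smartbear": "Example-Passw0rd"}

def _parse(request_xml):
    root = ET.fromstring(request_xml)
    return root.findtext("username", ""), root.findtext("password", "")

def _respond(tag, text):
    return f"<loginresponse><{tag}>{text}</{tag}></loginresponse>"

def leaky_login(request_xml):
    """Mimics the response above: the error text says which field was wrong."""
    user, password = _parse(request_xml)
    if USERS.get(user) == password:
        return _respond("status", "OK")
    if password in USERS.values():
        return _respond("error", "Wrong user name for the password")
    if user in USERS:
        return _respond("error", "Wrong password for the user name")
    return _respond("error", "Unknown user name")

def uniform_login(request_xml):
    """Hardened form: every failed login returns the same message."""
    user, password = _parse(request_xml)
    expected = USERS.get(user)
    # Always run the comparison so unknown users follow the same code path.
    same = hmac.compare_digest((expected or "").encode(), password.encode())
    if expected is not None and same:
        return _respond("status", "OK")
    return _respond("error", "Invalid user name or password")

def distinct_failure_responses(handler):
    """Send wrong password, wrong user name, and both wrong; return the distinct responses."""
    probes = [("smartbear", "wrong-pass"),
              ("nobody", "Example-Passw0rd"),
              ("nobody", "wrong-pass")]
    responses = set()
    for user, password in probes:
        request = (f"<login><username>{user}</username>"
                   f"<password>{password}</password></login>")
        responses.add(handler(request))
    return responses

if __name__ == "__main__":
    for handler in (leaky_login, uniform_login):
        found = distinct_failure_responses(handler)
        print(handler.__name__, "PASS" if len(found) == 1 else "FAIL", sorted(found))
```

More than one distinct failure response means the service tells the caller which part of the credential pair was valid.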