With this test, you will try to discover any information about system behavior, setup, or data, anything that helps you get into the target system.
To do this, enter a non-existing username. For example, you have the following username and password combination:
Use this login request:
<username> emery bear</username>
Here is the possible response:
<error>That user does not exist</error>
An attacker will potentially use this response to work through a number of usernames until they find the working one.