Testing for User Enumeration and Guessable User Account (OWASP-AT-002)

Brief Summary
The scope of this test is to verify whether it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application. This test is useful as a precursor to brute force testing, in which we verify whether, given a valid username, it is possible to find a valid password.

Description of the Issue
The tester should interact with the authentication mechanism of the application to understand whether, when particular requests are sent, the application answers in a different manner depending on whether the submitted username exists.

Black Box testing and example
Testing for Valid user/right password ... Result Expected: ...

Testing for Valid user/wrong password ... Result Expected: ...

Gray Box testing and example
Testing for Authentication error messages: verify that the application answers in the same manner (same status, same message, same response body) for every client authentication request that fails. Result Expected: ...
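The following is an added example, not code from the OWASP Testing Guide: it models a login handler in-process (a constructed user store with one account, "alice", instead of a real HTTP application) so that the black-box request classes above and the gray-box message check can be run side by side. `login_leaky` is the weak form, where the error message differs between an unknown user and a wrong password; `login_uniform` is the corrected form, which returns one response for every failure and does the same hashing work whether or not the username exists. `enumeration_check` is the test itself: it submits a valid user with the right password, a valid user with a wrong password, and a nonexistent user (the third class is assumed here, since the page elides it), and reports whether the two failure responses can be told apart.

```python
import hashlib
import hmac


def _hash(salt, password):
    """Salted SHA-256 stand-in for a real password hash (constructed example)."""
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed user store: username -> (salt, hash). Not real credentials.
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash(_SALT, "correct horse"))}

# Dummy entry so the hardened handler hashes even for unknown usernames,
# keeping the work done (and thus timing) comparable across the two failure cases.
_DUMMY_SALT = b"dummy-salt"
_DUMMY_HASH = _hash(_DUMMY_SALT, "unused")


def login_leaky(username, password):
    """Weak handler: distinct status and message reveal whether the user exists."""
    if username not in USERS:
        return 404, "Unknown user"
    salt, stored = USERS[username]
    if _hash(salt, password) != stored:
        return 401, "Wrong password"
    return 200, "Welcome"


def login_uniform(username, password):
    """Corrected handler: identical response for every failed attempt."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    # Always compute the hash and compare in constant time, then check existence.
    match = hmac.compare_digest(_hash(salt, password), stored)
    if not (match and username in USERS):
        return 401, "Invalid username or password"
    return 200, "Welcome"


def enumeration_check(handler):
    """Run the three request classes against a handler and compare the failures.

    Returns a dict with each response and a 'distinguishable' flag that is True
    when the wrong-password and nonexistent-user responses differ, i.e. when
    the handler leaks account existence.
    """
    responses = {
        "valid_user_right_password": handler("alice", "correct horse"),
        "valid_user_wrong_password": handler("alice", "not the password"),
        "nonexistent_user": handler("nobody", "not the password"),  # assumed third class
    }
    responses["distinguishable"] = (
        responses["valid_user_wrong_password"] != responses["nonexistent_user"]
    )
    return responses


if __name__ == "__main__":
    for name, handler in (("leaky", login_leaky), ("uniform", login_uniform)):
        result = enumeration_check(handler)
        print(name, "leaks user existence:", result["distinguishable"])
```

When pointed at a real application the same comparison applies to the full response, not only the message text: status code, body length, headers such as Set-Cookie, and response time should all be compared between the wrong-password and nonexistent-user cases, since any one of them can distinguish the two.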