Talk:Testing for Default or Guessable User Account (OWASP-AT-003)

Black box section
What about adding a suggestion to the black box examples about checking page source code and javascript? I've often seen login forms that test the username and redirect the user based on that test, i.e.: If admin then starturl=/admin else /index.asp etc. I'll try to dig up a specific example and add it here.