Imagine that you are asked to test a web application. You decide to first look at the application to get an idea of what it does and how. The login page. You try to put yourself in an attacker’s shoe. How would he try to gain access to our application through the login page. One of things that come to your mind is