How to test Web site login security
Input validation is critical for the security of Web sites. Here's a techniques you can use to make sure your site isn't vulnerable to SQL injection.
Security is a major aspect of any Web site. Before testing the functionality, first you need to check the login page, because the login page is the main entry for hackers to any Web site. It is the tester's responsibility to check whether the login page is properly secured or not.
The technique you can use to check the security of the login page is this:
Username: ' or 1=1--
If you enter the script given, you can easily log in to the system if developer has not applied proper validation in the code. This technique is called SQL injection, and it means you are terminating the existing query using your script.