Web Mobile Login page security | Penetration Testing | VAPT

Don't allow special character in user ID box.

Never display Ora- or any .net message on error. It should be user defined.

Also Sensitive information like server details should not be transferred in plain text between client and server.