Testing for OWASP 2017: Broken Authentication