If you get the web application from the login page, what can you do?

Test the enumeration of users, including observing the error that the application receives when entering the wrong username and password. Perform SQL injection at all entry points.also we can do click jacking.