Skip navigation
3330 Views 2 Replies Latest reply: Oct 6, 2011 5:24 AM by QM_SSJ4 RSS
Mark Shaw Level 1 27 posts since
Sep 28, 2010
Currently Being Moderated

Oct 4, 2011 3:41 PM

BEAST Attack - Not Vulnerably



Firstly...SLLlabs is a fantastic tool


Question - How does a site pass the BEAST check, exactly what are you looking for?



  • Ivan Ristic Level 4 489 posts since
    Jul 23, 2010
    Currently Being Moderated
    Oct 4, 2011 6:20 PM (in response to Mark Shaw)
    BEAST Attack - Not Vulnerably

    Although there are several ways to mitigate BEAST, we are currently testing for one of them -- forced use of RC4 ciphers. Our test looks for two conditions: 1) server must choose cipher suites and 2) servers must choose RC4 if offered.


    We will be implementing other tests soon.

    • QM_SSJ4 Level 2 47 posts since
      May 12, 2011
      Currently Being Moderated
      Oct 6, 2011 5:24 AM (in response to Ivan Ristic)
      BEAST Attack - Not Vulnerably

      Are you performing the same test on the Vuln Scan side for QID 90741? I notice this is an Authenticated Only detection so I'm assuming something must be different. Can you provide details on QID 90741detection as well?

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 10 points
  • Helpful Answers - 6 points