Firstly...SLLlabs is a fantastic tool
Question - How does a site pass the BEAST check, exactly what are you looking for?
Although there are several ways to mitigate BEAST, we are currently testing for one of them -- forced use of RC4 ciphers. Our test looks for two conditions: 1) server must choose cipher suites and 2) servers must choose RC4 if offered.
We will be implementing other tests soon.
Are you performing the same test on the Vuln Scan side for QID 90741? I notice this is an Authenticated Only detection so I'm assuming something must be different. Can you provide details on QID 90741detection as well?
Retrieving data ...