Skip navigation
3336 Views 2 Replies Latest reply: Oct 6, 2011 5:24 AM by QM_SSJ4 RSS
Mark Shaw Level 1 27 posts since
Sep 28, 2010
Currently Being Moderated

Oct 4, 2011 3:41 PM

BEAST Attack - Not Vulnerably

Hi

 

Firstly...SLLlabs is a fantastic tool

 

Question - How does a site pass the BEAST check, exactly what are you looking for?

 

Cheers

  • Ivan Ristic Level 5 500 posts since
    Jul 23, 2010
    Currently Being Moderated
    Oct 4, 2011 6:20 PM (in response to Mark Shaw)
    BEAST Attack - Not Vulnerably

    Although there are several ways to mitigate BEAST, we are currently testing for one of them -- forced use of RC4 ciphers. Our test looks for two conditions: 1) server must choose cipher suites and 2) servers must choose RC4 if offered.

     

    We will be implementing other tests soon.

    • QM_SSJ4 Level 2 47 posts since
      May 12, 2011
      Currently Being Moderated
      Oct 6, 2011 5:24 AM (in response to Ivan Ristic)
      BEAST Attack - Not Vulnerably

      Are you performing the same test on the Vuln Scan side for QID 90741? I notice this is an Authenticated Only detection so I'm assuming something must be different. Can you provide details on QID 90741detection as well?

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points