BREACH Attack

BREACH stands for ‘Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext’. BREACH Attack detection examines protected connections on which attackers can still view the victim’s encrypted traffic. The security check looks for multiple criteria:

  • SSL/TLS protected connections
  • HTTP level compression
  • Reflected user input in the HTTP response body
  • A reflected secret (CSRF token, nonce, etc.) in the HTTP response body
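
The four criteria above can be evaluated against a single captured response, as in the following added example. It is not Netsparker's implementation; the function names, the set of encodings counted as compression, the secret-field pattern and the sample response are all assumptions constructed for illustration.

```python
import re

# Assumption: encodings treated as "HTTP level compression" for this check.
COMPRESSED = {"gzip", "deflate", "br"}
# Assumption: a secret is a form field whose name contains csrf/token/nonce.
SECRET_FIELD = re.compile(
    r"""name=["'][^"']*(?:csrf|token|nonce)[^"']*["']\s+value=["'][^"']{8,}["']""",
    re.IGNORECASE,
)

def breach_criteria(url, headers, body, marker):
    """Evaluate the four criteria for one response (body already decoded)."""
    h = {k.lower(): v for k, v in headers.items()}
    encodings = {e.strip().lower() for e in h.get("content-encoding", "").split(",")}
    return {
        "tls": url.lower().startswith("https://"),
        "http_compression": bool(encodings & COMPRESSED),
        "reflected_input": marker in body,
        "reflected_secret": SECRET_FIELD.search(body) is not None,
    }

def is_breach_candidate(criteria):
    """All four conditions must hold together for the finding to apply."""
    return all(criteria.values())

# Constructed sample data: a search page that echoes the query and embeds a token.
MARKER = "probe-7d41"
SAMPLE_URL = "https://app.example.test/search?q=" + MARKER
SAMPLE_HEADERS = {"Content-Type": "text/html", "Content-Encoding": "gzip"}
SAMPLE_BODY = (
    '<form><input type="hidden" name="csrf_token" value="c0nstructed-sample-9f3a"></form>'
    "<p>Results for probe-7d41</p>"
)

if __name__ == "__main__":
    result = breach_criteria(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY, MARKER)
    for name, met in result.items():
        print(f"{name:18} {'met' if met else 'not met'}")
    print("BREACH candidate:", is_breach_candidate(result))
```

Removing any one condition, for example serving the same page without a `Content-Encoding` header, means the response no longer meets all the criteria.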

There are no additional settings available for the BREACH Attack Detection.

By default, the BREACH Attack Security Check is enabled.

For further information, see Scan Policy Fields and Security Checks.

How to Disable the BREACH Attack Security Check in Netsparker Enterprise

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Policies, then New Scan Policy.
  3. Click the Security Checks tab.
  4. Deselect the BREACH Attack checkbox.
  5. Click Save.

How to Disable the BREACH Attack Security Check in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click the Scan Policy Editor. The Scan Policy Editor dialog is displayed.
  3. Deselect the BREACH Attack checkbox.
  4. Click OK.