Web Security Blog

How the BEAST attack works: Reading encrypted data without decryption

BEAST, or Browser Exploit Against SSL/TLS, was a man-in-the-middle attack that could expose information from an encrypted SSL/TLS 1.0 session. The attack exploited a known cipher suite vulnerability that was considered low-risk until a proof of concept arrived, prompting browser vendors and web server administrators to quickly move to TLS v1.1. This article shows how the BEAST attack worked, how a theoretical vulnerability became practically exploitable, and why modern browsers are no longer vulnerable.

Read more

Invicti Security

Doubling down on components: SCA and Container Security on the Invicti platform

3 AppSec headaches you can cure with Predictive Risk Scoring

Top 5 injection attacks in application security

Layered security testing is the way—and DAST is what holds the layers together

Insecure deserialization in web applications

From radio waves to AppSec: Introducing Invicti’s AppSec Serialized podcast

Debunking the top 5 myths about DAST

The Helix Files: Choose Your Own Adventure

HTTP security headers: An easy way to harden your web applications

The OWASP API Security Top 10 demystified

What’s the big deal with post-quantum cryptography?

Invicti Security

How the DORA framework mandates application security testing (and many other things)