BREACH stands for ‘Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext’. BREACH Attack detection checks protected connections in which attackers can still view the victim’s encrypted traffic. BREACH Attack detection is a security check that checks multiple criteria:
- SSL/TLS protected connections
- HTTP level compression
- Reflected user input in HTTP response body
- Reflected a secret (CSRF Token, nonce, etc.) in HTTP response body
There are no additional settings available for the BREACH Attack Detection.
By default, the BREACH Attack Security Check is enabled.
For further information, see Scan Policy Fields and Security Checks.
How to Disable the BREACH Attack Security Check in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Policies, then New Scan Policy.
- Click the Security Checks tab.
- Deselect the BREACH Attack checkbox.
- Click Save.