DEFENSE: How Facebook Protects Its Users Against BREACH, CSRF Attacks

How does Facebook protect its users against BREACH attacks on HTTPS traffic, as well as cross-site request forgery attacks? Chad Parry, a London-based member of the social network’s security infrastructure team, and Christophe Van Gysel, who contributed to the mitigation of BREACH at Facebook as an intern, answered those questions in detail in a note on the Protect the Graph page.

Parry and Van Gysel wrote:

Platforms like Facebook prevent CSRF attacks by issuing the user a secret “CSRF token.” No Web request may take an action on behalf of someone unless it also presents that person’s token.
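
The token check described in the quote above can be sketched as follows. This is an added example, not code from Facebook or from the note; the key handling, function names and session identifiers are assumptions made for illustration. It covers only the CSRF check and uses a token that is fixed per session, so it does not show the BREACH mitigation, which the excerpt does not describe.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Server-side secret used to derive tokens (constructed for this example;
# a real deployment would load it from protected configuration).
SERVER_KEY = secrets.token_bytes(32)

# HTTP methods that take an action and therefore must carry the token.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Derive the secret token for one session; other sessions get other tokens."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str, session_id: str,
                       presented_token: Optional[str]) -> bool:
    """Allow read-only methods; require the session's own token otherwise."""
    if method.upper() not in STATE_CHANGING:
        return True
    if not presented_token:
        # A forged cross-site request carries the cookie but cannot read the token.
        return False
    expected = issue_csrf_token(session_id)
    # Compare as bytes in constant time so timing does not leak the token.
    return hmac.compare_digest(expected.encode(), presented_token.encode())


def demo() -> List[bool]:
    """Run four constructed requests against the session 'session-alice'."""
    alice, bob = "session-alice", "session-bob"  # constructed session ids
    return [
        is_request_allowed("POST", alice, issue_csrf_token(alice)),  # own token
        is_request_allowed("POST", alice, None),                     # no token
        is_request_allowed("POST", alice, issue_csrf_token(bob)),    # wrong user
        is_request_allowed("GET", alice, None),                      # read-only
    ]


if __name__ == "__main__":
    print(demo())
```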
