DEFENSE: How Facebook Protects Its Users Against BREACH, CSRF Attacks

How does Facebook protect its users against BREACH attacks on HTTPS traffic, as well as cross-site request forgery attacks? Chad Parry, a London-based member of the social network’s security infrastructure team, and Christophe Van Gysel, who contributed to the mitigation of BREACH at Facebook as an intern, answered those questions in detail in a note on the Protect the Graph page.