Talk outline:
1. Introduction
2. Why SPX
3. Stateful vs Stateless
4. JSON
5. Cache Control
6. Local Storage
7. Resource Sharing
8. Demo
9. Cross-site scripting demo
10. CSP
11. Key takeaways
12. HTTP only flag
13. How to steal data
Description:
Explore the security implications of Single Page Applications (SPAs) in this 30-minute AppSecUSA 2018 conference talk. Delve into the potential vulnerabilities introduced by the SPA paradigm, particularly in light of the increasing popularity of frameworks like Angular and React. Learn about common security pitfalls affecting SPAs and discover effective mitigation strategies. Gain insights from Microsoft Security Engineers Rafael Dreher and Murali Vadakke Puthanveetil as they discuss topics such as stateful vs stateless applications, JSON handling, cache control, local storage, and resource sharing. Watch a live demo of cross-site scripting and understand the importance of Content Security Policy (CSP). Take away key lessons on securing SPAs, including the proper use of HTTP-only flags and techniques to prevent data theft.

Securing Single Page Applications - Design Considerations and Pitfalls

OWASP Foundation