But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things. We spoke about managing auth tokens, identity persistence across sessions, service workers, CORS, third party libraries (and their vulnerabilities), client side validation considerations, anti-forgery tokens and much, much more. This is a 1 hour and 13 minute "Play by Play" so it's Aaron and I talking to the camera whilst doing demos. It's easily consumable content and we reckon it came out great!
BTW - fun fact: Aaron was responsible for introducing me to the folks at Pluralsight back in 2012 which ultimately led to many courses and my independence from corporate life and indeed, life as I know it today. Thanks mate, I owe you a beer 🍺