post about ndc security talk

run.bat

@@ -1 +1 @@
-hugo server -w -b "http://localhost" --source "%cd%\src"  --destination "%cd%\.output" --port 4014 --bind "127.0.0.1"
+hugo server -w -b "http://localhost" --source "%cd%\src"  --destination "%cd%\.output" --port 4014 --bind "127.0.0.1" --buildDrafts

src/content/posts/2018-05-16-securing-spas-ndc-security.md

@@ -0,0 +1,19 @@
++++
+title = "Securing SPA's at NDC Security"
+date = 2018-05-22T15:25:18+10:00
+description = "Some info about my NDC Security talk on Securing Single Page Apps"
+draft = false
+tags = ["javascript", "speaking", "security", "pluralsight"]
++++
+
+Last week I had the pleasure of speaking at the first [NDC Security Australia](https://ndcsecurity.com.au) on the topic of Securing Single Page Applications.
+
+This talk was an extension of a recent [Pluralsight Play by Play](https://app.pluralsight.com/library/courses/play-by-play-javascript-security/) that [Troy Hunt](https://troyhunt.com) collaborated on under the same topic.
+
+The slides from the talk are available [here](https://1drv.ms/p/s!AuqPraTuWKFLt8t--Dk_3Xdz_UO7YQ).
+
+In the talk I refer to [this blog post](https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5) about harvesting credit card details using npm packages and that you can use tools like [Sonar](https://sonarwhal.com/), [Retire.js](http://retirejs.github.io/retire.js/) and [Snyk.io](https://snyk.io/) to track issues in your external dependencies.
+
+I also talked about creating keyloggers in CSS, using [this PoC](https://github.com/maxchehab/CSS-Keylogging), but I might write a bigger piece about that in the future.
+
+I think this is a great talk, and a topic that is too often overlooked, so if you'd be interested in learning more get in touch and we'll see if I can't work out a time to present it again :grinning:.